The private keys from the Southbound interfaces SHOULD NOT be made available on the Northbound interfaces.
This new sentence reads slightly strangely, since private keys must never be available anywhere! Sow what exactly SHOULD NOT be available to the North? Regards Brian On 15-May-23 07:36, Michael Richardson wrote:
internet-dra...@ietf.org wrote: > Diff: > https://author-tools.ietf.org/iddiff?url2=draft-richardson-anima-registrar-considerations-07 The document was due for renewal, and I tried to add some text about how a composite architecture may make PoP on the U_w/W (BRSKI-MASA) side difficult if the private key is associated only with the U_v interface(s). This relates the design team discussion we had around draft-selander-lake-authz. I wonder if some more diagrams would help, as I sensed a lot of confusion during the call. _______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima