Hi,

About certificates, keys, examples: the scripts and material used in cBRSKI may 
be useful as a reference - just in case of doubt. See:
https://github.com/anima-wg/constrained-voucher/tree/master/examples/script-cose-examples
https://github.com/anima-wg/constrained-voucher/tree/master/examples/cose-examples

> two possible formats for private keys, the PKCS8 one and the PKCS1 one.  Are
> there preferences?

Maybe the simplest format? (shortest)

> Do people want them all expanded?

We could start with not all expanded, and reviews would show if there's a need 
for it.

Esko

-----Original Message-----
From: Michael Richardson <[email protected]> 
Sent: Tuesday, July 9, 2024 00:30
To: [email protected]
Subject: [Anima] Re: I-D Action: draft-ietf-anima-rfc8366bis-12.txt


I have finally returned to the ~23 issues that have been open for ~1 year.
I only got three issues closed today, but I'll continue working up to the 
meeting.
So please expect a more complete -13 on July 20th.

[email protected] wrote:
> Authors: Kent Watsen

I'm considering re-sorting the author names to be alphabetical.

    > Abstract:

    > This document defines a strategy to securely assign a pledge to an
    > owner using an artifact signed, directly or indirectly, by the
    > pledge's manufacturer.  This artifact is known as a "voucher".

This probably deserves a rewrite, but it will get done last.

    > A diff from the previous version is available at:
    > https://author-tools.ietf.org/iddiff?url2=draft-ietf-anima-rfc8366bis-12

I have added Appendix A with CMS examples.
The JWS and COSE examples are in the [jBRSKI] and [cBRSKI] documents.

https://www.ietf.org/archive/id/draft-ietf-anima-rfc8366bis-12.html#name-key-pairs-associated-with-e
In the appendix, there is some space taken up with the private keys and
certificates.   I have to double check that I've got all the right files, as
the IDevID private key says "RSA", but is an EC key.  There are two possible
formats for private keys, the PKCS8 one and the PKCS1 one.  Are there
preferences?

Perhaps a picture of the relationship of all the files/keys is in order.
I included one key, the CA self-signed certificate expanded.
("openssl x509 -in foo -text" vs "openssl x509 -in foo " )
Do people want them all expanded?

I also notice that the certificates have expired, and I'll go back to my
reference code and update things.  I have asked Kent for a worked example of
an SZTP key.  I have a CMS signed key from Thomas Werner @ Siemens which I
can include as well.

--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
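
The mismatch noted in the message above (a PEM header that says "RSA" on a key that is actually EC) can be checked mechanically by comparing the PEM label with the DER structure inside it. This is an added example, not part of the original messages or of the draft's tooling; it uses only the Python standard library, and the helper names and the sample key bytes are constructed for illustration.

```python
import base64, re

OID_ALG = {bytes.fromhex("2a8648ce3d0201"): "EC",       # id-ecPublicKey
           bytes.fromhex("2a864886f70d010101"): "RSA"}  # rsaEncryption
# PEM labels of the traditional (non-PKCS#8) formats and the structure each promises.
LABELS = {"RSA PRIVATE KEY": ("PKCS1", "RSA"), "EC PRIVATE KEY": ("SEC1", "EC")}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def classify_der(der):
    """Identify (container, algorithm) from the DER structure alone."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(body, 0)          # skip the version INTEGER
    tag2, val2, _ = read_tlv(body, pos)
    if tag2 == 0x02:                       # INTEGER (modulus): PKCS#1 RSAPrivateKey
        return ("PKCS1", "RSA")
    if tag2 == 0x04:                       # OCTET STRING: SEC1 ECPrivateKey (RFC 5915)
        return ("SEC1", "EC")
    if tag2 == 0x30:                       # AlgorithmIdentifier: PKCS#8
        return ("PKCS8", OID_ALG.get(read_tlv(val2, 0)[1], "other"))
    raise ValueError("unrecognised private key structure")

def check_pem(pem_text):
    """Return (label, (container, algorithm), label_matches_content)."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, actual = m.group(1), classify_der(base64.b64decode(m.group(2)))
    expected = LABELS.get(label, ("PKCS8", actual[1]) if label == "PRIVATE KEY" else None)
    return label, actual, expected == actual

def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed sample: ECPrivateKey layout with an all-zero scalar (not a usable key).
CURVE = bytes.fromhex("06082a8648ce3d030107")            # prime256v1
_body = b"\x02\x01\x01\x04\x20" + bytes(32) + b"\xa0\x0a" + CURVE
SEC1_DER = b"\x30" + bytes([len(_body)]) + _body
_p8 = (b"\x02\x01\x00\x30\x13\x06\x07" + bytes.fromhex("2a8648ce3d0201") + CURVE
       + b"\x04" + bytes([len(SEC1_DER)]) + SEC1_DER)
PKCS8_DER = b"\x30" + bytes([len(_p8)]) + _p8
MISLABELLED = pem("RSA PRIVATE KEY", SEC1_DER)           # EC content under an RSA label
```

`check_pem(MISLABELLED)` reports the label as inconsistent, while the same bytes under "EC PRIVATE KEY", or wrapped as PKCS#8 under "PRIVATE KEY", pass.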