Esko Dijk <[email protected]> wrote: > We have some discussion (to be continued) whether the Registrar can be > expected to be preloaded with all CAs in the chains, or a subset of > only the highest sub-CAs, or only the root CA ? The more the Registrar > already knows, the less the Pledge has to send in its PVR, given that > the MASA would know all its own CAs for sure.
I wonder if we should mandate that the MASA be willing to answer a /crts request (on the BRSKI-MASA protocol) which the complete list of all CAs and subordinate CAs. That would keep the size of the subordinate certificates out of the BRSKI-EST. That's important today for cBRSKI, but later on, in a quantum-safe world, it might also matter to (fat)BRSKI. You convinced me on Tuesday that I should ask for adoption of the operational considerations documents already. But the above proposal goes beyond operation *considerations*, right? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list -- [email protected] To unsubscribe send an email to [email protected]
