On Sep 18, 2014, at 7:38 AM, STARK, BARBARA H <bs7...@att.com> wrote: > X.509 certificates can be self-signed. That is, the device acts as its own > CA. In fact, this is the recommended approach.
Of course. But if there is never going to be a CA-signed key, there is no reason to have a cert at all. Self-signed certs are essentially a way of carrying a bare key in a cert, unless you install your signer key as a CA key, in which case you have an administratively configured CA key that is signing the cert, and it's no longer really a self-signed cert. _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet