From: TEEP <teep-bounces@xxxxxxxx> on behalf of Mingliang Pei <mingliang.pei=40broadcom.com@xxxxxxxxxxxxxx>
Date: Thursday, April 7, 2022 at 8:40 PM
To: Russ Housley <housley@xxxxxxxxxxxx>
Cc: Mingliang Pei <mingliang.pei=40broadcom.com@xxxxxxxxxxxxxx>, "art@xxxxxxxx" <art@xxxxxxxx>, "last-call@xxxxxxxx" <last-call@xxxxxxxx>, "teep@xxxxxxxx" <teep@xxxxxxxx>, "draft-ietf-teep-architecture.all@xxxxxxxx" <draft-ietf-teep-architecture.all@xxxxxxxx>, Hannes Tschofenig <Hannes.Tschofenig@xxxxxxx>
Subject: Re: [Teep] [Last-Call] Artart last call review of draft-ietf-teep-architecture-16
See PR: https://github.com/ietf-teep/architecture/pull/236, thanks, Ming
[CW] Is it a certainty that constraints will not be needed for trust anchors? The trust anchor definition references “associated data”, which would be used constrain use of the trust anchor. An option other than certificate or public key may would be needed if constraints may be defined (because constraints can’t be added to the certificate without breaking the signature and a raw public key has no means to express constraints). Perhaps, "The Trust Anchor may be a certificate, a raw public key or other structure, as appropriate." might be better to leave open the possibility of constraining a trust anchor. RFC5914 defines syntax that allows for associated data to be packaged alongside a public key or a certificate, as an example of an alternative.
<snip>
This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
<<attachment: smime.p7s>>
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call