randy/draft-l3dl-signing
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

another ref to 5280 per russ

Browse source
This commit is contained in:
Randy Bush 2020-05-07 14:31:58 -07:00
parent f6b7f750dd
commit 9bf53fe2c8
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
draft-ymbk-lsvr-l3dl-signing.xml
View file

@ -281,12 +281,12 @@
<section anchor="pki" title="Public Key Infrastructure Method">
<t>
Using a PKI is almost the same as using TOFU, but with one
additional step: during verification of an OPEN PDU, after
extracting the Key field from the PDU but before attempting to
use it to verify the PDU's signature, the receiver MUST verify
the received key against the PKI to confirm that it's an
authorized key.
Using a PKI, <xref target="RFC5280"/>, is almost the same as using
TOFU, but with one additional step: during verification of an OPEN
PDU, after extracting the Key field from the PDU but before
attempting to use it to verify the PDU's signature, the receiver
MUST verify the received key against the PKI to confirm that it's
an authorized key.
</t>
<t>