randy/draft-l3dl-signing
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

another ref to 5280 per russ

Browse source
This commit is contained in:
Randy Bush 2020-05-07 14:32:21 -07:00
parent 9bf53fe2c8
commit cabe3f1447
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
draft-ymbk-lsvr-l3dl-signing.txt
View file

@ -234,11 +234,11 @@ Internet-Draft Layer 3 Discovery and Liveness Signing May 2020
3. Public Key Infrastructure Method 3. Public Key Infrastructure Method
Using a PKI is almost the same as using TOFU, but with one additional Using a PKI, [RFC5280], is almost the same as using TOFU, but with
step: during verification of an OPEN PDU, after extracting the Key one additional step: during verification of an OPEN PDU, after
field from the PDU but before attempting to use it to verify the extracting the Key field from the PDU but before attempting to use it
PDU's signature, the receiver MUST verify the received key against to verify the PDU's signature, the receiver MUST verify the received
the PKI to confirm that it's an authorized key. key against the PKI to confirm that it's an authorized key.
Generating an OPEN PDU using the PKI method requires a certificate, Generating an OPEN PDU using the PKI method requires a certificate,
which must be supplied via out of band configuration. The which must be supplied via out of band configuration. The