randy/draft-l3dl-signing
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

another ref to 5280 per russ

Browse source
This commit is contained in:
Randy Bush 2020-05-07 14:32:21 -07:00
parent 9bf53fe2c8
commit cabe3f1447
1 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
draft-ymbk-lsvr-l3dl-signing.txt
View file

@ -234,11 +234,11 @@ Internet-Draft Layer 3 Discovery and Liveness Signing May 2020
3. Public Key Infrastructure Method
Using a PKI is almost the same as using TOFU, but with one additional
step: during verification of an OPEN PDU, after extracting the Key
field from the PDU but before attempting to use it to verify the
PDU's signature, the receiver MUST verify the received key against
the PKI to confirm that it's an authorized key.
Using a PKI, [RFC5280], is almost the same as using TOFU, but with
one additional step: during verification of an OPEN PDU, after
extracting the Key field from the PDU but before attempting to use it
to verify the PDU's signature, the receiver MUST verify the received
key against the PKI to confirm that it's an authorized key.
Generating an OPEN PDU using the PKI method requires a certificate,
which must be supplied via out of band configuration. The