Open ounsworth opened 3 months ago
It seems that the description combines the Verifier and RP roles in the CA. It would be nice if both roles were described separately. For example, the CA forwards evidence to an internal Verifier that returns an attestation result. The CA then determines whether to issue a certificate based on the Attestation Results.
In a more complex use case, an RA might embed the Verifier and the Attestation Results flow to the CA...
We should add a section that describes what CA/RAs are supposed to do with this attestation data. I.e., we expect that any sort of evidence can be carried in a CSR, and the CA/RA is expected to apply its cert policy / CPS to decide if this evidence meets the bar for issuing this certificate.