Open csosto-pk opened 4 years ago
From Peter:
Suggestion: "The actions with respect to the Trust Anchor database, cited below, reduce the chance of a third-party CA with poor certification practices to jeopardize authentication."
"It is also RECOMMENDED that the Implicit Trust Anchor database used for EST server authentication is carefully managed to reduce the chance of a third-party CA with poor certification practices jeopardizing authentication."
This strikes me as a slightly odd use of normative language (what are the exception cases when the trust anchor database should not be carefully managed?).
The blurb
It is also RECOMMENDED that the Implicit Trust Anchor database used
for EST server authentication is carefully managed to reduce the
chance of a third-party CA with poor certification practices
jeopardizing authentication. Disabling the Implicit Trust Anchor
database after successfully receiving the Distribution of CA
certificates response (Section 4.1.3 of [RFC7030]) limits any risk to
the first DTLS exchange.
is directly from RFC7030. We reiterate it here to point it out as a best practice and then we present a potential deviation from it for constrained environments.
To avoid this confusion we can rephrase it as
As discussed in Section 6 of [RFC7030], it is
"RECOMMENDED that the Implicit Trust Anchor database used
for EST server authentication is carefully managed to reduce the
chance of a third-party CA with poor certification practices
jeopardizing authentication. Disabling the Implicit Trust Anchor
database after successfully receiving the Distribution of CA
certificates response (Section 4.1.3 of [RFC7030]) limits any risk to
the first DTLS exchange." [...]
Text now reads
As discussed in Section 6 of [RFC7030], it is "RECOMMENDED that the
Implicit Trust Anchor database used for EST server authentication is
carefully managed to reduce the chance of a third-party CA with poor
certification practices jeopardizing authentication. Disabling the
Implicit Trust Anchor database after successfully receiving the
Distribution of CA certificates response (Section 4.1.3) limits any
risk to the first TLS exchange". Alternatively, in a case where a [...]
Uploaded in v-18
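The practice the quoted text describes (authenticate the EST server with the Implicit Trust Anchor database only until the Distribution of CA certificates response has been received, then switch to the Explicit TA database built from that response and stop consulting the implicit one) is shown below as an added example; it is not code from this issue, the draft, or RFC 7030. It assumes trust anchors are modelled as raw DER certificate bytes rather than loaded into an `ssl.SSLContext`, and the two "certificates" in the constructed /cacerts response are placeholder SEQUENCEs, not real X.509 certificates. The certs-only PKCS#7 structure (ContentInfo/SignedData with no signers) is the one RFC 7030 Section 4.1.3 specifies, base64-encoded as in the response body.

```python
import base64

# DER-encoded OID contents (no tag/length): id-signedData and id-data
OID_SIGNED_DATA = bytes.fromhex("2A864886F70D010702")   # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2A864886F70D010701")          # 1.2.840.113549.1.7.1


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (single-byte tag, definite length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def tlv(buf: bytes, pos: int):
    """Decode the TLV at buf[pos]; return (tag, content, end_offset)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        n, hdr = first, 2
    else:
        k = first & 0x7F
        if k == 0 or k > 4:
            raise ValueError("indefinite or oversized length is not DER")
        n = int.from_bytes(buf[pos + 2:pos + 2 + k], "big")
        hdr = 2 + k
    start, end = pos + hdr, pos + hdr + n
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[start:end], end


def certs_from_pkcs7(p7: bytes) -> list:
    """Return the DER certificates carried in a certs-only PKCS#7 SignedData."""
    tag, content_info, _ = tlv(p7, 0)
    if tag != 0x30:
        raise ValueError("ContentInfo is not a SEQUENCE")
    tag, oid, p = tlv(content_info, 0)
    if tag != 0x06 or oid != OID_SIGNED_DATA:
        raise ValueError("ContentInfo is not id-signedData")
    tag, explicit0, _ = tlv(content_info, p)
    if tag != 0xA0:
        raise ValueError("missing [0] EXPLICIT content")
    tag, signed_data, _ = tlv(explicit0, 0)
    if tag != 0x30:
        raise ValueError("SignedData is not a SEQUENCE")
    p = 0
    for _ in range(3):                 # skip version, digestAlgorithms, encapContentInfo
        _, _, p = tlv(signed_data, p)
    tag, certs_field, _ = tlv(signed_data, p)
    if tag != 0xA0:                    # [0] IMPLICIT certificates is OPTIONAL
        return []
    certs, q = [], 0
    while q < len(certs_field):
        ctag, _, q_end = tlv(certs_field, q)
        if ctag != 0x30:
            raise ValueError("non-Certificate CHOICE in certificates field")
        certs.append(certs_field[q:q_end])   # keep the whole Certificate TLV
        q = q_end
    return certs


def cacerts_body_to_certs(body_b64: str) -> list:
    """Decode a /cacerts response body (base64 certs-only PKCS#7) into DER certs."""
    return certs_from_pkcs7(base64.b64decode(body_b64))


class EstClientTrust:
    """Trust anchors an EST client uses to authenticate the server.
    The Implicit TA database is consulted only until /cacerts succeeds."""

    def __init__(self, implicit_anchors):
        self.implicit = set(implicit_anchors)   # e.g. the OS or bundled CA store
        self.explicit = set()                   # filled from the /cacerts response
        self.implicit_enabled = True

    def anchors_for_server_auth(self):
        # A real client would load these into an ssl.SSLContext; here they are raw DER.
        return self.implicit if self.implicit_enabled else self.explicit

    def on_cacerts_response(self, body_b64: str) -> int:
        certs = cacerts_body_to_certs(body_b64)
        if not certs:
            raise ValueError("cacerts response carried no CA certificates")
        self.explicit = set(certs)
        self.implicit_enabled = False   # later exchanges trust only the explicit TA DB
        return len(certs)


def build_certs_only_pkcs7(certs) -> bytes:
    """Build the degenerate SignedData (no signers) that /cacerts returns."""
    signed_data = der(0x30,
        der(0x02, b"\x01")                  # version 1
        + der(0x31, b"")                    # digestAlgorithms: empty SET
        + der(0x30, der(0x06, OID_DATA))    # encapContentInfo: id-data, no content
        + der(0xA0, b"".join(certs))        # [0] IMPLICIT certificates
        + der(0x31, b""))                   # signerInfos: empty SET
    return der(0x30, der(0x06, OID_SIGNED_DATA) + der(0xA0, signed_data))


# Constructed sample: placeholder SEQUENCEs stand in for X.509 Certificates.
# The second one is long enough to exercise long-form DER lengths.
SAMPLE_CERTS = [
    der(0x30, der(0x0C, b"placeholder CA 1, not a real certificate")),
    der(0x30, der(0x0C, b"placeholder CA 2, not a real certificate; " + b"x" * 120)),
]
SAMPLE_CACERTS_B64 = base64.b64encode(build_certs_only_pkcs7(SAMPLE_CERTS)).decode()

if __name__ == "__main__":
    client = EstClientTrust([b"implicit-bundle-anchor-der"])
    n = client.on_cacerts_response(SAMPLE_CACERTS_B64)
    print(n, client.implicit_enabled)   # 2 False
```

The point of `implicit_enabled` is that exposure to a badly run third-party CA in the implicit store is bounded to the single bootstrap exchange: once `/cacerts` has been authenticated against that store and parsed, every later request (`/simpleenroll`, `/simplereenroll`) is authenticated only against what the EST server itself distributed. The deviation discussed later in the draft for constrained devices would keep `implicit_enabled` true for longer, which is exactly the trade-off the text is flagging.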
COMMENT:
Section 10.1:
"It is also RECOMMENDED that the Implicit Trust Anchor database used for EST server authentication is carefully managed to reduce the chance of a third-party CA with poor certification practices jeopardizing authentication."
This strikes me as a slightly odd use of normative language (what are the exception cases when the trust anchor database should not be carefully managed?).