Section 4 says IDevID may "not be available" in Pledge but it is required to have an IDevID

anima-wg / constrained-voucher

This is a repo for the IETF Internet Draft about constrained vouchers in CBOR

2 stars 4 forks source link

Section 4 says IDevID may "not be available" in Pledge but it is required to have an IDevID #241

Closed EskoDijk closed 1 year ago

EskoDijk commented 1 year ago

Even if the Pledge can't do X509 operations, it still identifies itself using the IDevID. Text to be updated in Section 4 to reflect this. Section 8.3 also a little bit ("not PKIX certificates" -> "not PKIX certificate operations")

EskoDijk commented 1 year ago

@mcr Just to reconfirm - we agreed I think that a simple Pledge will identify itself using an IDevID certificate in the DTLS handshake, even if the Pledge does only RPK and it cannot do X.509 chaining & verification operations.

If ok then I can do a text change to clarify this.