Survey for Certificate Management Needs
Michael Richardson
mcr at sandelman.ca
Tue May 5 07:21:07 AEST 2020
Richard Hanley <rhanley at google.com> wrote:
> 3) Finally we need to
> support revocations lists. AFIAK, there is no support for this today.
What are the certificates you speak of for?
If you are talking about HTTPs end-point certificates for bmcweb, then there
is nothing to do for CRLs, because CRLs aren't a function of the HTTPS
End-Entity certificate you are worried about.
They are provided by the CA, and it's a problem of the HTTP browser to
validate.
So I don't understand your CRL point.
> Finally, I'm expecting we will need an out of band mechanism to talk
> with hardware root of trust (e.g. OpenTitan https://opentitan.org/).
Possibly.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
More information about the openbmc
mailing list