Survey for Certificate Management Needs

Michael Richardson mcr at sandelman.ca
Tue May 5 07:21:07 AEST 2020


Richard Hanley <rhanley at google.com> wrote:
    > 3) Finally we need to
    > support revocations lists. AFIAK, there is no support for this today.

What are the certificates you speak of for?
If you are talking about HTTPs end-point certificates for bmcweb, then there
is nothing to do for CRLs, because CRLs aren't a function of the HTTPS
End-Entity certificate you are worried about.

They are provided by the CA, and it's a problem of the HTTP browser to
validate.

So I don't understand your CRL point.

    > Finally, I'm expecting we will need an out of band mechanism to talk
    > with hardware root of trust (e.g. OpenTitan https://opentitan.org/).

Possibly.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [




More information about the openbmc mailing list