Survey for Certificate Management Needs

Michael Richardson mcr at
Tue May 5 07:21:07 AEST 2020

Richard Hanley <rhanley at> wrote:
    > 3) Finally we need to
    > support revocations lists. AFIAK, there is no support for this today.

What are the certificates you speak of for?
If you are talking about HTTPs end-point certificates for bmcweb, then there
is nothing to do for CRLs, because CRLs aren't a function of the HTTPS
End-Entity certificate you are worried about.

They are provided by the CA, and it's a problem of the HTTP browser to

So I don't understand your CRL point.

    > Finally, I'm expecting we will need an out of band mechanism to talk
    > with hardware root of trust (e.g. OpenTitan


]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at        |   ruby on rails    [

More information about the openbmc mailing list