When installing manufacturing certificates onto hardware devices it is especially important to block inadvertent CA config changes (resulting in incorrect certificates). Having strict profile checks in the requesting client would help prevent this.
- max On Nov 17, 2009, at 3:47 PM, Massimiliano Pala wrote:
So how do you test that the production PKI works exactly as the testPKI if they are two separate setup ? You just rely on the fact that theconfigurations are the same ? Don't you have to assert the production environment somehow ? Thanks for sharing :) Cheers, Max On 11/17/2009 04:28 PM, Ogle Ron wrote:I issue certificates for DOCSIS certified Cable Modems. I know that there are several different CA software vendors who support these certificates. The certs follow a well defined set of extensions and flag definitions. Weinteroperate fairly well.BTW, for development and testing purposes, DOCSIS defines a separate PKI.This way there is no problem with knowing what is test and what is production._______________________________________________ pkix mailing list pkix at ietf.org https://www.ietf.org/mailman/listinfo/pkix
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.