certificate revocation checks in long lasting connections #8
Comments
This excerpt from Magnus' TSV-ART review of RFC7525bis is also relevant:
To repeat a suggestion that I made at the mic in Philadelphia: it might be sufficient - at least for verifying liveness of certification information - to use an exported authenticator.
Martin, thanks for the (good) suggestion.
I'm not super clear on what the action is for this issue. Is it to add a reference to 9261 and expand on considerations for long lived static keys?
The text is available now but the only problem is that there is no specification in standardized IoT protocols to carry the payloads.
Now that renegotiation is gone, what recommendation can we make to deal with semi-permanent, mutually authenticated connections that need to rekey and check the associated certificate credentials?
This is a common use case in Industrial IoT.
See this long thread on the TLS mailing list: https://mailarchive.ietf.org/arch/msg/tls/vTxwj2iShME6c7AHg_Ub-_eS_fM/