Added trust anchor rfc #9

vedangj044 · 2021-05-25T07:01:41Z

Added RFC for Trust Anchor feature in DRG.

active/005-trust-anchor-management.md

jbtrystram · 2021-05-25T12:53:15Z

There a couple of points that needs some more design before starting to implement things :

Spec out the payload for the cert in the app spec section.
Same as above but for the device spec section
If we allow pushing device private key and cert to the cloud it MUST be encrypted, so there are some metadata going along, the payload needs specification as well

jbtrystram · 2021-05-25T12:53:34Z

active/005-trust-anchor-management.md

+
+The specification of each device needs to contain a unique mapping to its physical counterpart, this can be accomplished by storing the MAC Address + Service number of every device or storing the MAC address as a JWT token provided by the server.
+
+The generation of the private keys and certificates would be done using rust-openssl.


This one is a pain to cross compile. Is there a pure rust crate that could do it ? Maybe look into ring and webpki
https://github.com/briansmith/webpki

Added trust anchor rfc

6d85f66

lulf reviewed May 25, 2021

View reviewed changes

active/005-trust-anchor-management.md Show resolved Hide resolved