[2024-07-10 13:54:44] Ashley Setter: Certificate Lifecycle

[2024-07-10 13:54:44] Ashley Setter: Certificate Lifecycle [2024-07-10 13:54:44] Ashley Setter: Certificate Lifecycle
nqminds · Jul 10, 2024 · 7cc8cd4 · 7cc8cd4
1 parent 83a3b36
commit 7cc8cd4
Showing 1 changed file with 12 additions and 17 deletions.
diff --git a/packages/docusaurus/docs/build5-docs/22-certificates.md b/packages/docusaurus/docs/build5-docs/22-certificates.md
@@ -109,32 +109,29 @@ Practically, for this build, the domain and registrar are co-located, so the cre
 
 1. [@ REGISTRAR] create a public private keIn a real deployment, where the registrar and domain are not in a 1:1 relationship, we need to consider how the registrars certificates are deployed. 
 
-This could end up looking very like the BRSKI provisioning process
-
-The process should be in infrequent setup process
-
-| X509 Attribute             | Description/use                |
+This could| X509 Attribute             | Description/use                |
 | -------------------------- | ------------------------------ |
 | `Subject`                  | C = IE, CN = registrar-tls-meta |
-| `Subject Key Ide| `Authority Key Identifier` | Public key of the `domain+`    |
-| (signed by)                | Private key of the `domain-`   |dentifier` | Public key of the `domain+`    |
+| `Subject Key Identifier`   | Public key of the `registrar+` |
+| `Issuer`                   | C = IE, CN = registrar-tls-ca |
+| `Authority Key Identifier` | Public key of the `domain+`    |
+| (signed by)                | Private key of the `domain-`   |entifier` | Public key of the `domain+`    |
 | (signed by)                | Private key of the `domain-`   |
 
 
 ## Radius
 
-The radius server is an implementation detail of the router.
-
-It is not needed or referenced in the  BRSKI definition; it is useful in a practical implementation.
-
-Many routers, use a RADIUS server to abstract the authentication procThe creation process for the RADIUS certificate i| X509 Attribute             | Description/use              |
+The radius server is an implementation detail of Many routers, use a RADIUS server to abstract the authentication process
+Specially the implementation of EAP-TLS on HostAPD in the Raspberry Pi  (See implementation notes )
+ **Creation**
+The creation process for the RADIUS certificate is identical to the creation process for the registrar. It just refers to a different subject (the radius public key)
+| X509 Attribute             | Description/use              |
 | -------------------------- | ---------------------------- |
 | `Subject`                  | C = IE, CN = registrar-tls-ca |
 | `Subject Key Identifier`   | Public key of the `radius+`  |
 | `Issuer`                   | C = IE, CN = registrar-tls-ca |
 | `Authority Key Identifier` | Public key of the `domain+`  |
-| (signed by)                | Private key of the `domain-` |
-Authority Key Identifier` | Public key of the `domain+`  |
+| (signed by)                | Private key of the `domain-` |uthority Key Identifier` | Public key of the `domain+`  |
 | (signed by)                | Private key of the `domain-` |
 
 
@@ -219,6 +216,4 @@ Simplified
 
 
 
-| X509 Attribute             | Description/use                                              |
-| -------------------------- | ------------------------------------------------------------ |
-| `Subject`                  | Name of connection (optional)<br />CN="SSID of 
+| X509 Attribute             | Description/use