replying to three of your messages, and trying to repoint the thread at 6tisch-security.
peter van der Stok <stokc...@xs4all.nl> wrote: > all in favor of one approach to merge the push/pull aspects. (I have to > understand the protocol exchange below, but it looks feasibale) > I am not sure about understanding EDHOC, but may be that is not important. I think it is. > I still see all the mime formats. is that phase 1? They are HTTP content-types really. That's part of of the phase 2. > Is phase 2 then switching to OSCOAP with a single format containing binary > encoding? No, we would use EDHOC to create a secure session, and then we would run our EST-CoAP-variant over that. No DTLS at all. peter van der Stok <stokc...@xs4all.nl> wrote: > I don't think EDHOC is meant to replace EST or the anima work. EDHOC doesn't replace EST, it replaces DTLS. peter van der Stok <stokc...@xs4all.nl> wrote: > As discussed earlier, having a push/pull agnostic protocol would be > nice. (and probably feasible) > As stated earlier, I think that discovery and which node starts the bootstrap > protocol (BRSKI) is very much installation/technology dependent, and should > be done in another document. I feel very much like I am the holdout for having the JCE initiate the join protocol. > My intention was to reduce the coding effort of the registrar by making 1) > and 2) as similar as can be hoped for; > while payload considerations are of secondary importance. > My hope being that a manufacturer will deliver a registrar box supporting > both coap and http versions. > When the consensus is that adding coap is already such an extra effort that > code sharing between http and coap versions does not alleviate the effort, > then any solution for coap that concentrates on payload reduction is fine by > me. I can see an implementation where a front-end requests/processes the PKCS format messages in traditional EST and the CoAP push/pull variants, and then feeds it into the same engine. I think that the biggest interoperability problem that we are going to have is in the step where the Registrar/JCE tells the Pledge what to put in it's CSR. This is because this part probably involves doing real ASN.1 work, and pledges will want none of that. -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ 6tisch mailing list 6tisch@ietf.org https://www.ietf.org/mailman/listinfo/6tisch