Michael Richardson wrote on 2018-03-15 09:00:
peter van der Stok <stokc...@xs4all.nl> wrote:
>> >> DTLS connection is going to be required to act as an RA. RAs are required
>> >> to have the entire request for adding authentication as necessary.
>>
>> > This is visible in the figure of section 6, but needs elaboration in the
>> > text.
>>
>> I don't understand why we have that paragraph.
>> An end point that terminates the Pledge (D)TLS connection and acts as
>> an RA *IS* a Join Registrar, not a Proxy.
>>
> Thus is outside the BRSKI context, and thus a proxy with RA (separate or not)
Let me delete "Join" from above sentence.
A device that terminates the DTLS security (CoAPS) and then talks to the CA
is a Registration Authority according to EST and RFC5280. It's not a proxy.
(And it doesn't matter if it speaks HTTPS or CMS or CMP or super-pigeon-telepathy
to the CA)
A http/coap proxy is specified in RFC8075. It explains "how an HTTP request is mapped to
a CoAP request and how a CoAP response is mapped back to an HTTP response".
In the est-coap draft DTLS and TLS connections are terminated in the
http/coap proxy, and the proxy is therefore connected to an RA (possibly
running on the same host as the proxy).
Where is my terminology going astray?
Peter
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace