Using a query is a good solution here; I would propose a query argument as 
short as possible because we deal with constrained networks and we want to 
avoid needless parsing in this case - the server only needs to select between 
two format choices here, returning X.509 cert or PKCS#7 with cert.
The choice of encoding of the private key format PKCS#8 or CMS-EnvelopedData 
depends on the payload the client sent in the /skg request, as written in the 
draft.

So to request PKCS#7 format, the default:
POST /est/skg

And to request X.509 format, the alternative that the server MAY support:
POST /est/skg?x

The latter has the benefit of small Option size, and can easily scale to many 
more formats/parameters in the future if really needed.

In light of this discussion thread we would need to update the "ct=....." link 
format descriptions in the draft also, e.g.
OLD:
</est/skg>;rt="ace.est.skg";ct="62 280 284 281 TBD287"

NEW:
</est/skg>;rt="ace.est.skg";ct=62

Note that this format is now CoAP-correct but has the drawback that the client 
can't see whether the optional TBD287 is supported or not in the /skg function.

Best regards,
Esko

Esko Dijk IoT Consultancy |  Email/Skype: esko.d...@iotconsultancy.nl
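
The two request forms proposed in the message above, as an added sketch that is not part of the original e-mail, the draft, or any CoAP library: it encodes the CoAP options for each form to show the wire cost of `?x`, and shows a server choosing the two embedded parts while Accept names only format 62. The function names, the `encrypted_key` and `supports_x509` parameters, and the reading of 280/281/284 per the IANA CoAP Content-Formats registry are assumptions.

```python
# Added illustration; not code from the draft or from any CoAP library.
URI_PATH, URI_QUERY, ACCEPT = 11, 15, 17        # CoAP option numbers (RFC 7252)
CF_MULTIPART = 62                               # outer format named in Accept
CF_PKCS7_KEY, CF_PKCS7_CERTS, CF_PKCS8 = 280, 281, 284
CF_X509 = "TBD287"                              # unassigned at the time of the thread


def encode_options(options):
    """Serialize (number, value) pairs with RFC 7252 delta/length encoding."""
    def nibble(n):
        if n < 13:
            return n, b""
        if n < 269:
            return 13, bytes([n - 13])
        return 14, (n - 269).to_bytes(2, "big")

    out, prev = bytearray(), 0
    for number, value in sorted(options, key=lambda o: o[0]):  # stable sort
        delta, delta_ext = nibble(number - prev)
        length, length_ext = nibble(len(value))
        out += bytes([delta << 4 | length]) + delta_ext + length_ext + value
        prev = number
    return bytes(out)


def skg_request_options(x509=False):
    """Option bytes for POST /est/skg (default) or POST /est/skg?x."""
    opts = [(URI_PATH, b"est"), (URI_PATH, b"skg"),
            (ACCEPT, bytes([CF_MULTIPART]))]
    if x509:
        opts.append((URI_QUERY, b"x"))
    return encode_options(opts)


def select_skg_parts(queries, accept=None, encrypted_key=False,
                     supports_x509=True):
    """Server side: pick the two parts embedded in the format-62 response.

    encrypted_key is a hypothetical flag standing in for what the server
    derived from the request payload.
    """
    if accept is not None and accept != CF_MULTIPART:
        return "4.06", None             # Accept can only name the outer format
    wants_x509 = "x" in queries
    if wants_x509 and not supports_x509:
        return "unsupported", None      # response code not settled in the thread
    key_cf = CF_PKCS7_KEY if encrypted_key else CF_PKCS8
    cert_cf = CF_X509 if wants_x509 else CF_PKCS7_CERTS
    return "ok", (key_cf, cert_cf)
```

With these encodings the `?x` form adds two bytes to the request: one option header byte and the single-character value.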

-----Original Message-----
From: Panos Kampanakis (pkampana) <pkamp...@cisco.com> 
Sent: Wednesday, February 13, 2019 18:52
To: Klaus Hartke <har...@projectcool.de>
Cc: Esko Dijk <esko.d...@iotconsultancy.nl>; ace@ietf.org
Subject: RE: [Ace] ace-coap-est-08: using /skg with Accept Option set to TBD287

> CoAP is not aware that the representation happens to contain embedded 
> representations and therefore the content negotiation mechanism cannot be 
> used directly to negotiate the formats of those. 
> The value of the Accept option in the request needs to be registered in the 
> IANA registry and the value of the Content-Format option in the response must 
> be the same as Accept value.
> Of course, one possible solution is to drop the use of content format ID 62 
> entirely and just register one ID for each possible combination. (But then 
> the client can still only include at most one Accept option in its request.)

Hmm, that is a fair point. I don't think it is warranted to register four more 
content formats for all possible format combinations in the multipart response. 

It looks to me that your proposal of using Uri-Query in the request in order 
for the client to define the supported formats of the requested 
resource/response is a good one.




-----Original Message-----
From: Ace <ace-boun...@ietf.org> On Behalf Of Klaus Hartke
Sent: Tuesday, February 12, 2019 4:36 PM
To: Panos Kampanakis (pkampana) <pkamp...@cisco.com>
Cc: Esko Dijk <esko.d...@iotconsultancy.nl>; ace@ietf.org
Subject: Re: [Ace] ace-coap-est-08: using /skg with Accept Option set to TBD287

Panos Kampanakis wrote:
> Well, RFC7252 refers to a singular content format. In our case we are talking 
> about a dual content format (286 or 281 and 280 or 284) returned in a 62 
> multipart-content. Would it be a violation of RFC7252, since RFC7252's text 
> had single content format responses in mind only?

From the point of view of CoAP, there is just a representation with
content-format 62. A client can indicate that it accepts a representation with 
content-format 62; the server then is required to return either a 
representation with content-format 62 or an error.
CoAP is not aware that the representation happens to contain embedded 
representations and therefore the content negotiation mechanism cannot be used 
directly to negotiate the formats of those.

>>  Maybe the draft-ietf-core-multipart-ct should extend the semantics of 
>> "Accept" to cover this case?

A content format is not a protocol extension and cannot override the protocol 
definition.

> I think that is good idea. The simplest way to do that would be encode the 3 
> content formats (for example 62, 286 and 280) into a single CF included in 
> the Accept option which tells the server what combination of content formats 
> to send back. Would that violate RFC7252 because the Content-Formats needs to 
> be actual CFs defined in the IANA registry and not a combination of them?

The value of the Accept option in the request needs to be registered in the 
IANA registry and the value of the Content-Format option in the response must 
be the same as Accept value.

Of course, one possible solution is to drop the use of content format ID 62 
entirely and just register one ID for each possible combination.
(But then the client can still only include at most one Accept option in its 
request.)

> From a previous thread with Jim S., I was under the impression that in the 
> virtual CoAP WG meeting a month back we went through in some explicit detail 
> that both Content-Format and Max-Age have no meaning when appearing on a 
> request and therefore should not be there.

Max-Age doesn't have a meaning in requests and therefore must not be there. I'm 
not sure where that about the Content-Format option comes from. If a POST 
request has a payload, then the format of that payload is described by a 
Content-Format option. (A GET request doesn't have a payload and therefore must 
not include a Content-Format option.)

Klaus

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace