Hi Daniel,

On 2021-03-02, Daniel Migault <mglt.i...@gmail.com> wrote:

> This is just a follow-up. I would like to be able to close this issue
> by the end of the week, and so far I have not heard any issues for
> profile mandating a protocol. On the other hand, not mandating a
> specific protocol comes with interoperability issues. So unless more
> feedback is provided, I am currently leaning toward ensuring
> interoperability.
>
> It would be good for me to hear from the WG and understand what concrete
> deployment issues the two statements below would raise:
>     * OSCORE profile mandating the AS to support OSCORE and have the C <-> AS
>       using OSCORE.
>     * DTLS profile mandating the AS to support DTLS and have the C <-> AS
>       using DTLS.

I think the major issue is that a client that implements both OSCORE and
DTLS cannot just switch from one mechanism to the other because it must
stick to either one or the other. This also raises the question of what
happens if an AS is contacted by the client via OSCORE but the RS only
supports DTLS: Is the client allowed to switch from OSCORE to DTLS if
the AS says so?

Another aspect is that we would need to add another specification if a
client implementing the DTLS profile wants to contact the AS via TLS. As
CoAP over TLS is well-defined, this would not make any difference
regarding the security or the handling in the application, but mandating
DTLS in the profile would currently preclude the use of TLS.

Grüße
Olaf

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
