Kent Watsen <[email protected]> wrote: > [future threads about SZTP should CC NETCONF, the WG that > published/maintains SZTP]
Yes, and not netmod?
sf> In one use case, the pledge has no direct connection to the registrar
sf> and a registrar-agent communicates with the pledge. In that specific
sf> case we do not have a TLS connection between the pledge and the
sf> registrar-agent and protect the exchanged objects by an additional
sf> signature. This is done by embedding the necessary information into a
JOSE object.
...
sf> The question
sf> (https://github.com/anima-wg/anima-brski-async-enroll/issues/10) now
sf> is, if this construct is possible, as we are just using a subset
sf> (sztp-csr:csr) of the YANG module " ietf-sztp-bootstrap-server" from
sf> draft-ietf-netconf-sztp-csr?
kw> This is not possible.
I feel that the question might have been so specific that it didn't match.
My thought was to do CORECONF (possibly using CoAP over BTLE), to retrieve a
CSR from a device. It seems to fit right into the ietf-sztp-bootstrap-server
pattern to me.
So, I'm unclear why ietf-sztp-csr:csr-support couldn't be used.
Is it because the module augments sztp, and we don't need it all?
We really just want container csr-support, csr-generation, csr, ???
Maybe we could chat about this more.
We have a regular Thursday 9:30 EST design team.
>> The alternative would be to define an own module modeled in a similar.
> You can do this.
I think that we can have some common mindshare here.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
