I got to the point of needing to start producing and validating certificates
for MQTT and started running into some questions as well as starting to
pick up some odd information that this document does not point to.

1.  Should probably reference the mqtt(s) URI scheme; I am, however, somewhat
irritated that it is not a registered scheme with IANA.

2.  Has OASIS done any sort of document for certificate validation?  As
an example, is there an OID defined for extended key usage?

3.  What should be said about matching data in the response from the AS and
the certificate?  What should be said about matching for raw public keys?  I
think the latter is easy as it should just match the rs_cnf returned from
the AS, but I don't know what should be said for certificates.

4.  With the definition of some guidance in COSE, should there be a field
for doing certificates in the rs_cnf - returning a fingerprint, not the
entire certificate?

