Dear Rafa,
I've been reading the latest version of your draft (
draft-marin-ace-wg-coap-eap-01.txt ), and I have a couple of questions
regarding some of the payload options, which could be optimized even
further:
1) Use shorter name for the /auth resource
2) Mandate the use of zero-length CoAP token
The first, and the more simple one, is - would it be possible to change
the name of the authentication resource from /auth to a shorter one
(like /a)? Maybe it could be an option to change the name of this
resource, based on the underlaying architecture, e.g. an RFC could
mandate that in a specific network the resource could be named /a,
whereas the default value could remain /auth?
The second, which is a little bit more subtle. Tokens are used to match
responses to requests, but during the authentication/authorization phase
a single peer (endpoint) would communicate with a single authenticator.
Moreover, the communication happens in a serial fashion, and responses
are piggybacked. This falls in the case when zero-length token is also
advised by RFC7252. Do you think that it would be appropriate to make
the use of zero-length token mandatory for EAP-over-CoAP?
Best,
Alexander
_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
