Hi Peter,

On 2016-12-01 10:01, "6tisch on behalf of peter van der Stok" <[email protected] on behalf of [email protected]> wrote:

> I am not sure about understanding EDHOC, but maybe that is not
> important.

EDHOC is a key exchange protocol, analogous to the TLS handshake, but with fewer features. It allows authentication based on pre-shared keys, raw public keys or X.509 certificates. The protocol messages are encoded in CBOR using COSE, and are not bound to a specific protocol layer. The EDHOC protocol messages may be carried with CoAP, and this has two advantages:

- EDHOC can be run between JN and JCE without the JN and JCE knowing each other's IP addresses, using the same construction as with OSCOAP end-to-end in the minimal security draft.
- CoAP and COSE are used both by OSCOAP and EDHOC, so the additional code footprint for EDHOC will be small.

If you are interested in a simple lightweight enrolment protocol, EDHOC and OSCOAP may be used for that. For authentication of enrolment using e.g. manufacturer certificates, you may run EDHOC and OSCOAP in sequence and carry the PKCS#10 in the OSCOAP request and the issued certificate in the OSCOAP response, in total 2 round-trips (not considering additional messages for delayed responses, CoAP response code 2.06 etc.). For PSK-authenticated enrolment, one round-trip may suffice: the OSCOAP request/response. These examples are JN-initiated, but a similar setup is possible for the JCE-initiated variant.

Note that this would not at all be as elaborate as the anima work, but just as a comparison.

Have a nice week-end!

Göran

> _______________________________________________
> 6tisch mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/6tisch
