Hi Goran,
thanks for this low-overhead and clear explanation.
If you are interested in a simple lightweight enrolment protocol, EDHOC
and OSCOAP may be used for that. For authentication of enrolment using
e.g. manufacturer certificates, you may run EDHOC and OSCOAP in sequence
and carry the PKCS#10 in the OSCOAP request and the certificate issued
with the OSCOAP response, in total 2 round-trips (not considering
additional messages for delayed responses, CoAP response code 2.06
etc.).
For PSK authenticated enrolment it may suffice with one round-trip, the
OSCOAP request/response. These examples are JN-initiated, but similar
setup is possible for the JCE-initiated variant.
Note that this would not at all be as elaborate as the anima work, but
just as a comparison.
I don't think EDHOC is meant to replace EST or the anima work.
It is a proposal to replace the EST part of the anima bootstrap by
something targeted to the bootstrap case and use of CoAP for low
resource devices without human intervention.
Peter