Hi Samuel, I wonder in which scenario a RNG is safe enough for running a DTLS stack but not good enough for generating a ECDSA key couple?
-- Julien Vermillard On Fri, Jun 3, 2016 at 5:08 PM, Samuel Erdtman <[email protected]> wrote: > The company I previously worked for where looking into adopting EST for > this purpose, the benefit of EST compared to cmp or scep was that it > defined the process for server side generated keys, which could be > beneficial if key generation would be to cumbersome for the device or if > you don't trust the device to generate a "good" key. > > Maybe Shahid could give sold more updates since he was helping us with > this project > > > On Thursday, 2 June 2016, Julien Vermillard <[email protected]> wrote: > >> Hi, >> In industrial or enterprise M2M/IoT application we often use PSK for >> authentication, but more and more user want to enroll the device on their >> public key infrastructure like they does with some routers using SCEP/CMP. >> >> I wonder if it was explored to enroll devices, and renew certificates on >> PKI only using CoAP and not HTTP? >> >> -- >> Julien Vermillard >> >
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
