Hi Julien,

The first one that comes to mind would be where pre-shared keys are used, i.e. symmetric keys. These keys could be factory keys used only to set up the PKI keys.

If you look at EST, the server-generated keys are also recommended to be wrapped in an extra layer of encryption in addition to the transport layer security (DTLS/TLS). So if the transport layer security is not absolute, no keys should be leaked.

//Samuel

On Mon, Jun 6, 2016 at 3:18 PM, Julien Vermillard <[email protected]> wrote:
> Hi Samuel,
> I wonder in which scenario an RNG is safe enough for running a DTLS stack
> but not good enough for generating an ECDSA key pair?
>
> --
> Julien Vermillard
>
> On Fri, Jun 3, 2016 at 5:08 PM, Samuel Erdtman <[email protected]> wrote:
>
>> The company I previously worked for were looking into adopting EST for
>> this purpose. The benefit of EST compared to CMP or SCEP was that it
>> defined the process for server-side generated keys, which could be
>> beneficial if key generation would be too cumbersome for the device or if
>> you don't trust the device to generate a "good" key.
>>
>> Maybe Shahid could give some more updates since he was helping us with
>> this project.
>>
>>
>> On Thursday, 2 June 2016, Julien Vermillard <[email protected]>
>> wrote:
>>
>>> Hi,
>>> In industrial or enterprise M2M/IoT applications we often use PSK for
>>> authentication, but more and more users want to enroll the device on their
>>> public key infrastructure like they do with some routers using SCEP/CMP.
>>>
>>> I wonder if it was explored to enroll devices, and renew certificates on
>>> PKI, only using CoAP and not HTTP?
>>>
>>> --
>>> Julien Vermillard
>>>
>>
>
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
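The design point Samuel makes above (a server-generated private key is wrapped under a second key, independent of DTLS/TLS, so that a weak transport session alone does not expose it) is illustrated by the following added example. It is not code from the thread, from EST, or from any EST implementation: RFC 7030 specifies CMS EnvelopedData for the server-side key, whereas this stand-in assumes a simplified scheme in which a key-encryption key is derived from the device's factory PSK and the DER-encoded private key is sealed with AES-GCM. The PSK, the device identifier and the derivation label are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// deriveKEK derives a key-encryption key from the device's factory PSK with
// HMAC-SHA256 (a single-step KDF used here for brevity; HKDF would be the
// standard choice). The label binds the KEK to this purpose so the PSK is
// never used directly as a cipher key. Label and scheme are assumptions.
func deriveKEK(psk []byte, deviceID string) []byte {
	mac := hmac.New(sha256.New, psk)
	mac.Write([]byte("server-keygen-wrap:" + deviceID))
	return mac.Sum(nil) // 32 bytes, used as an AES-256 key
}

// WrappedKey is what travels over (D)TLS: the GCM nonce and the ciphertext
// of the DER-encoded private key. Without the PSK-derived KEK the blob is
// just random-looking bytes, whatever happened to the transport session.
type WrappedKey struct {
	Nonce      []byte
	Ciphertext []byte
}

// ServerGenerateAndWrap plays the enrollment server: it generates a P-256
// key pair on behalf of the device and wraps the private key under the KEK.
// The device ID is bound as GCM additional data, so a blob wrapped for one
// device fails authentication if presented to another.
func ServerGenerateAndWrap(psk []byte, deviceID string) (*ecdsa.PublicKey, WrappedKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, WrappedKey{}, err
	}
	der, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, WrappedKey{}, err
	}
	aead, err := newGCM(deriveKEK(psk, deviceID))
	if err != nil {
		return nil, WrappedKey{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, WrappedKey{}, err
	}
	ct := aead.Seal(nil, nonce, der, []byte(deviceID))
	return &priv.PublicKey, WrappedKey{Nonce: nonce, Ciphertext: ct}, nil
}

// DeviceUnwrap plays the device: it re-derives the KEK from its own PSK and
// recovers the private key. A wrong PSK, a different device ID or any
// modification of the blob fails GCM authentication and yields no key.
func DeviceUnwrap(psk []byte, deviceID string, w WrappedKey) (*ecdsa.PrivateKey, error) {
	aead, err := newGCM(deriveKEK(psk, deviceID))
	if err != nil {
		return nil, err
	}
	der, err := aead.Open(nil, w.Nonce, w.Ciphertext, []byte(deviceID))
	if err != nil {
		return nil, errors.New("unwrap failed: wrong PSK, wrong device or tampered blob")
	}
	return x509.ParseECPrivateKey(der)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed sample values: a factory PSK and a device identifier.
	psk := []byte("factory-psk-0123456789abcdef")
	deviceID := "sensor-0042"

	pub, wrapped, err := ServerGenerateAndWrap(psk, deviceID)
	if err != nil {
		panic(err)
	}
	priv, err := DeviceUnwrap(psk, deviceID, wrapped)
	if err != nil {
		panic(err)
	}
	fmt.Println("device recovered matching key:", priv.PublicKey.Equal(pub))

	// Whoever only holds what crossed the transport cannot open the blob.
	_, err = DeviceUnwrap([]byte("some-other-psk"), deviceID, wrapped)
	fmt.Println("unwrap without the factory PSK:", err)
}
```

The point to take from the round trip is that the wrap and unwrap depend only on the factory PSK, not on the (D)TLS session keys: the quality of the device's RNG matters for the session, but the private key it ends up with was generated on the server and stays confidential as long as the PSK does.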
