Hi Hannes, We have looked at it a while ago. Unless something is added in near past, LWM2M, in relation to the UDP channel security, discusses certificate provisioning in high-end IoT devices. Also. LWM2M demands the keys to be generated on server side. In any case, our work should complement than compete LwM2M.
Soon leaving for summer vacations and will look into it when back. Regards, Shahid > On 20 Jun 2016, at 09:39, Hannes Tschofenig <[email protected]> wrote: > > Hi Shahid, > > have you had a chance to look at the work done by the OMA with LWM2M > since it provides this support as well? > > Ciao > Hannes > > > On 06/04/2016 01:01 AM, Shahid Raza wrote: >> We (SICS and neXus) have been working on this since September last year >> and designed and implemented an enrollment protocol over secure CoAP. >> Both the specifications and the Contiki source code will be available >> soon. This is done under the umbrella of a Swedish project called >> CEBOT: Certificate Enrollment in Billions of Things. >> >> Regards, >> Shahid >> >>> On 03 Jun 2016, at 17:08, Samuel Erdtman <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> The company I previously worked for where looking into adopting EST >>> for this purpose, the benefit of EST compared to cmp or scep was that >>> it defined the process for server side generated keys, which could be >>> beneficial if key generation would be to cumbersome for the device or >>> if you don't trust the device to generate a "good" key. >>> >>> Maybe Shahid could give sold more updates since he was helping us with >>> this project >>> >>> On Thursday, 2 June 2016, Julien Vermillard <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hi, >>> In industrial or enterprise M2M/IoT application we often use PSK >>> for authentication, but more and more user want to enroll the >>> device on their public key infrastructure like they does with some >>> routers using SCEP/CMP. >>> >>> I wonder if it was explored to enroll devices, and renew >>> certificates on PKI only using CoAP and not HTTP? >>> >>> -- >>> Julien Vermillard >>> >>> _______________________________________________ >>> Ace mailing list >>> [email protected] <mailto:[email protected]> >>> https://www.ietf.org/mailman/listinfo/ace >> >> >> >> _______________________________________________ >> Ace mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/ace >> > _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
