Hi All,

To run EST over DTLS and CoAP to address more constrained devices is not new to me; this was part of conversations that neXus (my previous employer) and SICS had about one and a half years ago.

I would support this work. I think certificates make sense for ACE because of the connection to existing security infrastructure. At neXus we did SCEP and CMP enrollment, but when moving to more constrained devices it would make sense to move to use EST over CoAP and DTLS. In addition to being quite simple compared to SCEP and CMP, EST also supports server-side generated keys, which could be a benefit for constrained devices. Not because the devices could not generate the key, but in some cases keys need to be generated in trusted and certified hardware (FIPS, CC etc.) to "know" that keys are of good quality.

//Samuel

On Mon, Nov 21, 2016 at 3:00 PM, Kumar, Sandeep <[email protected]> wrote:

> Dear ACE members
>
> Peter van Stok gave a short overview during the ACE f2f meeting on the
> work related to EST (RFC 7030) over DTLS secured CoAP (
> draft-vanderstok-core-coap-est-00
> <https://tools.ietf.org/html/draft-vanderstok-core-coap-est-00>). In the
> meeting there was general interest among the audience for the work and ACE
> as the preferred WG for this item. There are additional drafts and work on
> the same topic like the draft-pritikin-coap-bootstrap-01
> <https://tools.ietf.org/html/draft-pritikin-coap-bootstrap-01> and the
> email from Shahid
> https://www.ietf.org/mail-archive/web/ace/current/msg02029.html
>
> The idea is to merge these into a single draft (already discussed among
> us).
>
> We would like to get feedback on the mailing list if indeed ACE would be a
> right place to continue this work as was perceived during the f2f meeting.
> Please respond if you support (or not) the activity going forward in ACE wg.
>
> Kind Regards
>
> Sandeep
>
> _______________________________________________
> Ace mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ace
