Hi, I'm slowly absorbing the contents of draft-vanderstok-ace-coap-est-02. I'm building draft-ietf-6tisch-zerotouch-join with the assumption that it might run over DTLS, use EDHOC w/OSCORE, or some DTLS-over-CoAP mechanism.
I looked through section 6, and I don't understand why COAPS would be used From the Registrar through an ESTcoaps-to-HTTPS Proxy to the MASA. The Registrar as not in the constrained networks, and can speak HTTPS just fine. That's why we proxy the COAPS traffic to the Registrar, so that the Registrar does not have to live (entirely) in the constrained network. So, in the ANIMA BRSKI context, we have the Join Proxy to connect the insecure (unencrypted) network with the JRC as we can not assume the registar (JRC) is within radio distance of all pledges. For EDHOC and DTLS-over-COAP, we can use the option as described in draft-ietf-6tisch-minimal-security section 5.1 to keep the proxy stateless. For DTLS, I thought we had a few IDs on how to relay DTLS in a stateless manner. I can't seem to find any (Yes, I did look through expired drafts too). Are there some options for DTLS? Is there a way to statelessly (on the join proxy) relay traffic? -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
