peter van der Stok <stokc...@xs4all.nl> wrote:
    >> >> DTLS connection is going to be required to act as an RA.  RAs are required
    >> >> to have the entire request for adding authentication as necessary.
    >>
    >> > This is visible in the figure of section 6, but needs elaboration in the
    >> > text.
    >>
    >> I don't understand why we have that paragraph.
    >> An end point that terminates the Pledge (D)TLS connection and acts as
    >> an RA *IS* a Join Registrar, not a Proxy.
    >>

    > This is outside the BRSKI context, and thus a proxy with RA (separate or not)

Let me delete "Join" from the above sentence.

A device that terminates the DTLS security (CoAPS) and then talks to the CA
is a Registration Authority according to EST and RFC5280.  It's not a proxy.
(And it doesn't matter if it speaks HTTPS or CMS or CMP or
super-pigeon-telepathy to the CA)

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [




--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace