peter van der Stok <> wrote:
    >> >> DTLS connection is going to be required to act as an RA.  RAs
    >> are required
    >> >> to have the entire request for adding authentication as necessary.
    >> > This is visible in the figure of section 6, but needs elaboration in
    >> the
    >> > text.
    >> I don't understand why we have that paragraph.
    >> An end point that terminates the Pledge (D)TLS connection and acts as
    >> an RA *IS* a Join Registrar, not a Proxy.

    > Thus is outside the BRSKI context, and thus a proxy with RA (separate or 

Let me delete "Join" from above sentence.

A device that terminates the DTLS security (CoAPS) and then talks to the CA
is a Registration Authority according to EST and RFC5280.  It's not a proxy.
(And it doesn't matter if it speaks HTTPS or CMS or CMP or 
to the CA)

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]        |   ruby on rails    [

Michael Richardson <>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc
Description: PGP signature

Ace mailing list

Reply via email to