peter van der Stok <[email protected]> wrote: >> >> DTLS connection is going to be required to act as an RA. RAs >> are required >> >> to have the entire request for adding authentication as necessary. >> >> > This is visible in the figure of section 6, but needs elaboration in >> the >> > text. >> >> I don't understand why we have that paragraph. >> An end point that terminates the Pledge (D)TLS connection and acts as >> an RA *IS* a Join Registrar, not a Proxy. >>
> Thus is outside the BRSKI context, and thus a proxy with RA (separate or
not)
Let me delete "Join" from above sentence.
A device that terminates the DTLS security (CoAPS) and then talks to the CA
is a Registration Authority according to EST and RFC5280. It's not a proxy.
(And it doesn't matter if it speaks HTTPS or CMS or CMP or
super-pigeon-telepathy
to the CA)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
