Michael Richardson schreef op 2018-03-15 09:00:
peter van der Stok <stokc...@xs4all.nl> wrote:
    >> >> DTLS connection is going to be required to act as an RA.  RAs
    >> are required
>> >> to have the entire request for adding authentication as necessary.
>> > This is visible in the figure of section 6, but needs elaboration in
    >> the
    >> > text.
    >> I don't understand why we have that paragraph.
>> An end point that terminates the Pledge (D)TLS connection and acts as
    >> an RA *IS* a Join Registrar, not a Proxy.

    > Thus is outside the BRSKI context, and thus a proxy with RA
(separate or not)

Let me delete "Join" from above sentence.

A device that terminates the DTLS security (CoAPS) and then talks to the CA is a Registration Authority according to EST and RFC5280. It's not a proxy.
(And it doesn't matter if it speaks HTTPS or CMS or CMP or
to the CA)

A http/coap proxy is specified in RFC8075. It explains "how an HTTP request is mapped to
   a CoAP request and how a CoAP response is mapped back to an HTTP

In the est-coap draft DTLS and TLS connections are terminated in the http/coap proxy, and the proxy is therefore connected to an RA (possibly running on the same host as the proxy).

Where is my terminology going astray?


Ace mailing list

Reply via email to