Hi Michael,

Thanks for the feedback.

Why do you think it takes so long to get this document finished? In the end, you are just carrying EST over CoAP instead of conveying it over HTTP.

Ciao
Hannes

PS: Regarding the use of DTLS/TLS for the proxy. There are obviously ways to get this accomplished but the question for me is whether this functionality should go into this version of the spec or rather a companion document.

-----Original Message-----
From: Michael Richardson [mailto:[email protected]]
Sent: 14 May 2018 12:39
To: Hannes Tschofenig
Cc: [email protected]
Subject: Re: [Ace] EST over CoAP

Hannes Tschofenig <[email protected]> wrote:
> At IETF#101 Peter presented a list of open issues with the EST over CoAP draft, see
> https://datatracker.ietf.org/meeting/101/materials/slides-101-ace-est-over-secure-coap-00
> - Operational parameter values
> - Server side key generation using simple multipart encoding
> - Explain trust relations for http/coap proxying

> I have challenged the usefulness of the server-side key generation
> during the meeting but in general I am curious where we are with the
> document. It would be great to get it finalized. It appears that we are
> adding new features and therefore will not be able to complete the work
> in any reasonable timeframe.

Server side key generation is not the only way to use this, and I'm not interested in it myself.

I don't think we can do http/coap proxying in any meaningful way if we are using TLS/DTLS for the secure transport. I have encouraged my co-authors to either take it out, or realize that they are confusing the EST link (over DTLS) with the Registration Authority<->Certificate Authority link (over HTTPS).

> So, do we have a plan for how to complete the document?

I am implementing at this time, with CoAP over DTLS using OpenSSL today, and mbedTLS for the pledge side in a week or two.

I believe that we can finish this document by the end of the summer.
I don't think we'd get to WGLC before IETF102, and as August is a dead zone for IETF work, having a WGLC before September 1 would seem pointless.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
