Dan Garcia Carrillo <garcia...@uniovi.es> wrote:
> I hope the last email answered your questions.
Are you talking about this answer:
> - Well known protocol thas provides flexible authentication with diffrent
> methods and counting.
> - It integrates well with AAA.
> - It has a standard and very well known Key Management Framework.
because it continues to not be answer.
These are all features of EAP.
How does EAP-over-CoAP benefit?
EAP can be used inside (D)TLS (and maybe even cTLS) without CoAP having to
carry EAP.
I guess you want to be able to key OSCORE.
So, I would guess that this must involve not using EAP-TLS* (or TEAP, or
TTLS, etc.), so I think that reduces to some kind of EAP-PAKE situation,
or EAP-SIM/AKA.
Do both peer talk to the same AAA server?
In that case, then they must have already established a secure relationship
with the AAA server. (Because, radius demands it).
If you have that, then you can just use the ACE framework to get OSCORE keys,
treating the AAA server as the AS or RS.
If they don't talk to the same AAA server, then how are the AAA servers related?
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
