Russ Housley <[email protected]> wrote:
>>> Is that identity now an LDevID (even though it has a completely
>>> different shape than the IDevID), or is a certificate based LDevID
>>> still created as part of the process, or can the device happily
>>> complete the ANIMA processes without an LDevID?
>>
>> I wouldn't call it an LDevID.
>> You don't need to do EST and ask for an LDevID.
>
> I do not see this being prohibited. It would require:
> - CA recognizes the trust anchor associated with the IDevID,
> - CA can issue the LDevID,
> - Client can authenticate the EST server based on something configured at
>   the factory.

I think you are speaking at cross-purposes.
Christian wants to know if ANIMA/BRSKI can "complete" without asking for an
LDevID. (yes)
Alternatively, if some OSCORE context with a symmetric key can count.
You have latched onto getting an LDevID without using EST.
Agreed: you don't need EST, you can use any other enrollment protocol you
want, and the BRSKI-AE document is about using CMP, for instance.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
