Eliot Lear <[email protected]> wrote:

> I think the issue is that RFC 7030 references RFC 4210. And
> enterprises may indeed roll their CAs for a myriad of reasons, not the
> least of which could be mergers, mishandled private keys, and planned
> changes. So some advice may be needed here, if 4210 isn't the right
> answer.
It's not that RFC4210 is wrong, it's that it's a bit abstract. In IoT deployments, there are many slightly different aspects of how things will be used that make it unclear how to concretely do RFC4210. These differences are perhaps worth writing down somewhere.

I think that one major category is outbound P2MP (IoT node -> cloud).

A second one is "inbound" P2MP CollectionSystem->Node (often not cloud).

The third one, which many IETF efforts assume, but industry does not commonly do, is node<-->node.

A fourth one might be where two nodes connect to a cloud/server resource, and are then put in touch with each other using credentials provided by the server, or perhaps even just keyed by the server. Most forms of secure multicast are basically like this.

It's quite likely that some networks do a combination of these for different purposes.

--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
