I *really* don't understand this stuff, but how long could the rollover take, for a reasonably large IoT network (presumably thousands of devices)? Are we talking about a few seconds when no new sessions could start, or what?
That said, I don't see that you have much choice.

Regards
   Brian

On 03-Oct-21 13:36, Michael Richardson wrote:
>
> In:
> https://github.com/anima-wg/constrained-voucher/pull/177/files
>
> We make a compromise on the CA rollover protocol defined in RFC4210.
>
> Specifically, during the period when devices are renewing their certificates,
> we do not support communication between devices with different certificates.
> For instance two devices creating a new DTLS session between them, or even
> IKEv2 or EDHOC using certificates.
>
> Existing connections could continue, including rekeying, but new ones would
> not be possible to create if the devices are in different states.
>
> It's not clear to the design team how RFC7030 would have supported this
> anyway: when would the OldWithNew and NewWithOld certificates have been
> transferred, and at what point would devices learn that they no longer need to
> include those in the certificate chains that are exchanged inband.
>
> Given IoT networks that are primarily M2MP, we think that it *is* reasonable
> that a non-constrained data collection system could have all the right
> certificates (OldWithNew, NewWithOld) to operate. But, we don't know how
> that system got them.
>
> {You might argue that this is really ace-est-coaps^WRFC9148 matter, and
> probably you'd be right. But that document is past AUTH48, waiting for DTLS13}
>
> --
> Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide
>
> _______________________________________________
> Anima mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/anima
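To make the compromise in the quoted message concrete, here is an added model (not code from the thread, the constrained-voucher draft, or RFC 4210) of chain building during a CA key rollover. It assumes two CA key identifiers, "ca-old" and "ca-new", and treats OldWithNew and NewWithOld as plain cross-certificates; path building uses the certs a peer sends inband plus any the verifier already holds locally, which is exactly the "how did the collector get them" question the message raises.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    key: str     # identifier of the certified (subject) key
    issuer: str  # identifier of the key that signed this cert


# Assumed key identifiers for the CA's old and new signing keys (constructed).
OLD_WITH_NEW = Cert(key="ca-old", issuer="ca-new")  # old key certified by new key
NEW_WITH_OLD = Cert(key="ca-new", issuer="ca-old")  # new key certified by old key


@dataclass(frozen=True)
class Device:
    name: str
    ee: Cert                 # end-entity certificate
    anchors: frozenset       # CA keys this device trusts directly
    chain: tuple = ()        # extra certs it sends inband next to its own cert
    store: tuple = ()        # extra certs it holds locally (e.g. fetched cross-certs)


def can_validate(verifier: Device, peer: Device) -> bool:
    """Path-build from peer.ee up to one of verifier's anchors using the
    certs the peer sent plus those the verifier already holds."""
    available = list(peer.chain) + list(verifier.store)
    frontier, seen = [peer.ee.issuer], set()
    while frontier:
        key = frontier.pop()
        if key in verifier.anchors:
            return True
        if key in seen:
            continue
        seen.add(key)
        frontier.extend(c.issuer for c in available if c.key == key)
    return False


def session_possible(a: Device, b: Device) -> bool:
    """A new mutually authenticated session needs both directions to validate."""
    return can_validate(a, b) and can_validate(b, a)


# Constructed rollover states: not yet renewed, renewed with nothing extra,
# and a non-constrained collector that holds both cross-certificates.
OLD = Device("old-state device", Cert("dev-old", "ca-old"), frozenset({"ca-old"}))
NEW = Device("renewed device", Cert("dev-new", "ca-new"), frozenset({"ca-new"}))
COLLECTOR = Device("data collector", Cert("collector", "ca-new"), frozenset({"ca-new"}),
                   chain=(NEW_WITH_OLD,), store=(OLD_WITH_NEW,))

if __name__ == "__main__":
    for a, b in [(OLD, OLD), (OLD, NEW), (OLD, COLLECTOR), (NEW, COLLECTOR)]:
        print(f"{a.name} <-> {b.name}: {'ok' if session_possible(a, b) else 'no new session'}")
```

The old-state and renewed devices cannot open a new session with each other, while the collector can reach both, which is the situation the message describes.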
