Deb Cooley <[email protected]> wrote:
    > If there is always a TLS/DTLS session, then why is there a note in Sec
    > Consid about CMP messages being in the clear?

1. brski-ae also can use brski-prm [they were one document before].
   PRM must use CMP, as it uses HTTP between a new thing (the
   "registrar-agent") and the pledge, with the initiation reversed.

2. The connection between RA and CA might not be encrypted.

In general, CMP messages are designed so that they need transport security.
(vs EST)



--
Michael Richardson <[email protected]>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide




_______________________________________________
Anima mailing list -- [email protected]