Russ Housley <[email protected]> wrote: > I suspect that many IoT devices will need to be able to connect to > existing infrastructure, and if the requirements get too tight, then > people will put proxies in place to avoid changing the certificates on > existing infrastructure. That thinking leads me to a view that we can > get great compression when the reasonable subset is followed, but we > need to accommodate things outside the subset, even if it means less > compression.
I agree, and I would say this differently:
Devices connecting over challenged networks will need to be part of larger
security infrastructure, not all of which will be trivially upgradable.
(often for non-technical reasons involving regulation)
So, while it might be reasonable to not try to optimize SubjectDN containing
DC=tuna,DC=sandelman,DC=ca, I think that including RSA is easy enough.
{It's not the devices necessarily that are constrained, it's the networks}
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
