Hi, sorry for spreading this out over the sub-threads[1], just to get the pointers right and everything addressed:

On Fri, Sep 03, 2021 at 08:32:59PM +0200, Rafa Marin-Lopez wrote:
> 2) When the CoAP message contains the OSCORE ID that hits the OSCORE
> context without any key material, we would have to assume this is
> CoAP-EAP: the OSCORE implementation should not discard or give a
> fail for this coap message but "pass the control" to CoAP-EAP so
> that we send an altAccept to the EAP state machine so we get the MSK.

It's not because the context is without key material -- it's because
that context was created by EAP and that software component, rather than
giving a key, gave a "callback" (however it's precisely implemented)
that tells the OSCORE context to rather ask for a key with metadata from
the last message. (OSCORE appendix B.2 needs something similar to
implement, so this shouldn't be new to OSCORE implementations).

> 3) From the MSK, we derive the OSCORE key material for the OSCORE
> context with the corresponding ID and update the OSCORE context with
> this key material

The key IDs need to be preconfigured for this to work, see [2] -- but
that's best practice anyway.

BR
c

[1]: https://mailarchive.ietf.org/arch/msg/emu/nb8zGGDJ3d4fUaCW8QMkf6rkhVs/
[2]: https://mailarchive.ietf.org/arch/msg/core/AK8Wxy64tXofocdRHm5HNew8dpE/

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom
_______________________________________________
Emu mailing list
https://www.ietf.org/mailman/listinfo/emu
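
The key-callback arrangement discussed in the message above, as an added sketch that is not part of the original mail and not taken from any OSCORE or CoAP-EAP implementation. The class names, the metadata field "kid", the HKDF label and the MSK value are all assumptions made for illustration; the real derivation is whatever the CoAP-EAP draft specifies.

```python
import hashlib
import hmac

def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class OscoreContext:
    """Hypothetical OSCORE context: holds either a key or a key callback."""
    def __init__(self, sender_id, recipient_id, key=None, key_callback=None):
        self.sender_id, self.recipient_id = sender_id, recipient_id
        self.key, self.key_callback = key, key_callback

    def key_for(self, message_meta):
        # A context created by EAP has no key yet but carries a callback;
        # ask it for the key, passing metadata from the message just received.
        if self.key is None:
            if self.key_callback is None:
                raise LookupError("context has neither key nor callback")
            self.key = self.key_callback(message_meta)
        return self.key

class EapStub:
    """Stand-in for the EAP state machine (constructed, not a real API)."""
    def __init__(self, msk):
        self._msk, self.alt_accept_seen = msk, False

    def make_context(self, sender_id, recipient_id):
        # IDs are preconfigured; the key is deferred to the callback.
        return OscoreContext(sender_id, recipient_id, key_callback=self._on_first_message)

    def _on_first_message(self, message_meta):
        self.alt_accept_seen = True  # models signalling altAccept to get the MSK
        info = b"constructed-label" + message_meta["kid"]  # label is an assumption
        return hkdf_sha256(self._msk, b"", info, 16)

def demo():
    eap = EapStub(msk=bytes(range(64)))  # constructed MSK, not a real one
    ctx = eap.make_context(sender_id=b"\x01", recipient_id=b"\x02")
    before = ctx.key
    key = ctx.key_for({"kid": b"\x02"})
    return before, key, eap.alt_accept_seen, ctx.key_for({"kid": b"\x02"}) == key
```

A context that has neither a key nor a callback still fails the lookup, so only contexts that EAP itself created take the deferred path.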
