Heikki Vatiainen <h...@radiatorsoftware.com> wrote:
    >> On Aug 17, 2023, at 5:02 PM, Michael Richardson
    >> <mcr+i...@sandelman.ca> wrote:

    >> > section 3.9.: what is "server unauthenticated provisioning"
    >> > (sounds like TEAP-BRSKI?)
    >>
    >> Yes.

    > Should it be noted that this provisioning method is only available with
    > TLS 1.2 and earlier because the method requires anonymous ciphersuites?
    > It confirms to the reader that this is the intended case.

If we are talking about an RFC8995 (BRSKI) mechanism then:

a) It requires that the Peer defer validation of the Server's certificate
   until later on when another signed artifact is received (RFC8366 voucher).
b) The server still validates the Peer's client (IDevID) certificate.

We don't need or want anonymous ciphersuites here.




--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide



