Hi all,

within the context of a centralized enrollment, I have some questions about rules and functionalities:

Section 3.6.1. figures out that for first time setup, the user queries DNS on the overlay name and gets the address of a configuration server. The configuration server is then contacted and a configuration document is provided to the user, having the content of a bootstrap node and an enrollment server. The configuration document is described in section 10.1. Correct so far?

But the user needs a certificate first. So Section 3.6.2 says that the user performs a connection to the enrollment server (with username/pw) to obtain a certificate (with node-id, etc.). Correct so far?

In conflict to that, section 10.2. states that the address of the enrollment server is found with a DNS query, not with the content of a configuration document and, furthermore, the configuration document is downloaded from the enrollment server and the certificate, according to section 10.3, is assigned by a credential-server.

Please help me clarify this conflict.

From my understanding by now, there is:

1. initially one server providing a configuration document, including the bootstrap-nodes (and some other things for joining the overlay). The address is resolved by querying the overlay name.
2. The user then queries the service name p2psip_enroll and gets the address of an Enrollment server. The user performs a connection to get a certificate (with node-id etc.). This certificate is assigned by the enrollment server.
3. The user then joins the overlay with the given certificate.

But this lacks some understanding of a credential-server and/or rules on the other elements/servers/functionalities.

Regards,
frederic

_______________________________________________
P2PSIP mailing list
https://www.ietf.org/mailman/listinfo/p2psip
