Hi Julian,

I am still confused. I don't think the user/node certificate is contained in configuration file because configuration file is redistributed by peers. The configuration file in Section 10.1 contains the enrollment server's URL. However, Section 10.2 suggests using DNS to locate enrollment server and downloading configuration file from enrollment server.

BR
Lichun

jc <[email protected]>
2010-12-17 17:44
To: "[email protected]" <[email protected]>
Cc: P2PSIP WG <[email protected]>
Subject: Re: [P2PSIP] Where to get configuration file and certificate?

Sent from my iPhone

On Dec 17, 2010, at 4:08 AM, [email protected] wrote:

According to Section 3.6, configuration file and certificate are obtained from configuration server and enrollment server respectively. But according to Section 10.2, configuration file is obtained from enrollment server.

The enrollment server IS the configuration server. The certificates are stored in the configuration file on the enrollment server. So this lingo about "configuration server" should be removed or reworded.

BR
Lichun

jc <[email protected]>
2010-12-17 16:54
To: "[email protected]" <[email protected]>
Cc: P2PSIP WG <[email protected]>
Subject: Re: [P2PSIP] Where to get configuration file and certificate?

What are your questions exactly? dns_srv->connect->get->parse_xml is the flow.

Julian

On Dec 17, 2010, at 1:51 AM, [email protected] wrote:

I am confused about the enrollment in RELOAD base draft.

Section 3.6.1. of RELOAD base draft says:
"The node does a DNS SRV lookup on the overlay name to get the address of a configuration server. It can then connect to this server with HTTPS to download a configuration document which contains the basic overlay configuration parameters as well as a set of bootstrap nodes which can be used to join the overlay."

Section 3.6.2. of RELOAD base draft says:
"In that case, the configuration document will contain the address of an enrollment server which can be used to obtain such a certificate."

Section 10.2. of RELOAD base draft says:
"Once an address and URL for the enrollment server is determined, the peer forms an HTTPS connection to that IP address. The certificate MUST match the overlay name as described in [RFC2818]. Then the node MUST fetch a new copy of the configuration file. To do this, the peer performs a GET to the URL."

BR
Lichun

--------------------------------------------------------
ZTE Information Security Notice: The information contained in this mail is solely property of the sender's organization. This mail communication is confidential. Recipients named above are obligated to maintain secrecy and are not permitted to disclose the contents of this communication to others. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the originator of the message. Any views expressed in this message are those of the individual sender. This message has been scanned for viruses and Spam by ZTE Anti-Spam system.

_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
