I *really* don't understand this stuff, but how long could the rollover
take, for a reasonably large IoT network (presumably thousands of
devices)? Are we talking about a few seconds when no new sessions could
start, or what?
That said, I don't see that you have much choice.
Regards
Brian
On 03-Oct-21 13:36, Michael Richardson wrote:
>
> In:
> https://github.com/anima-wg/constrained-voucher/pull/177/files
>
> We make a compromise on the CA rollover protocol defined RFC4210.
>
> Specifically, during the period when devices are renewing their certificates,
> we do not support communication between devices with different certificates.
> For instance two devices creating a new DTLS session between them, or even
> IKEv2 or EDHOC using certificates.
>
> Existing connections could continue, including rekeying, but new ones would
> not be possible to create if the devices are in different states.
>
> It's not clear to the design team how RFC7030 would have supported this
> anyway: when would the OldWithNew and NewWithOld certificates have been
> transfered, and at what point would devices learn that they no longer need to
> include those in the certificate chains that are exchanged inband.
>
> Given IoT networks that are primarily M2MP, we think that it *is* reasonable
> that a non-constrained data collection system could have all the right
> certificates (OldWithNew, NewWithOld) to operate. But, we don't know how
> that system got them.
>
> {You might argue that this is really ace-est-coaps^WRFC9148 matter, and
> probably you'd be right. But that document is past AUTH48, waiting for DTLS13}
>
> --
> Michael Richardson. o O ( IPv6 IøT consulting )
>Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
>
> ___
> Anima mailing list
> an...@ietf.org
> https://www.ietf.org/mailman/listinfo/anima
>
___
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace