Mark Nottingham wrote:
>> On 5 Apr 2024, at 07:21, Michael Richardson
>> wrote:
>>
>> We in ANIMA have been struggling because we have an artifact, a
>> voucher (YANG defined in RFC8366, being revised/extended in 8366bis),
>> whi
ods. They are not JSON.
Neither is image/svg+xml+gzip actually XML, until you decode the GZIP.
> application/voucher+jwt would make sense.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwi
uot;this is a signed object, and if you look in the
payload slot, you might find something you might know how to decode" (or not)
But, for many formats they only appear in a signed form in the wild, so maybe
this just doesn't matter.
--
] Never tell me the odds! | i
HHOibvigq2rY4ImU/
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
get date.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
signature.asc
Description: PGP
I will need to update the WG on RFC8366bis (which I will repost today!)
and the plan to finish this work. I will need 7 minutes.
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
pression
of the IP address.
As you say, it won't work, so the Registrar, being defensive, needs to just
ignore any SNI.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Descript
A to be hosted in
a modern multi-tenant TLS infrastructure.
This way, you can use the github "Suggest" text.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_
lace it. But i don't think/hope
> that that is the case.
WHen someone shows up with hardware that can't be used, we should have this
discussion.
I will attempt to put together some slides for 119 that address the ULA
addressing on the ACP DULL side that I am attempting to implement.
--
Mic
for
> the Errata that we both agree on so he can update the Errata with it.
All of the text you have proposed is fine with me in the end.
Short of it: all parties always send SNI.
(Registrar must often ignore SNI upon receipt)
--
Michael Richardson. o O ( IPv6 IøT consulting )
address. See e.g.: AWS cost for IPv4 > address.
On Mon, Feb 12, 2024 at 09:01:50AM -0500, Michael Richardson wrote:
>> Right, but it's self-righting. A manufacturer that uses an SNI-only
>> cloud registrar and does not do SNI will fail immediately: they won't
>> ge
| ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
signature.asc
Description: PGP signature
___
Anima mailing list
Anima@i
0.
I have updated the write-up.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.o
Sheng JIANG wrote:
> This email starts a two-week adoption call on
> draft-eckert-anima-brski-discovery-01. It ends by 2024/2/23rd.
Yes, we need this document to complement the other mentioned documents and
avoid repeating ourseles.
--
Michael Richardson. o O ( IPv6 IøT cons
fine.
But, for BRSKI-EST link, we can assume enough modern TLS to allow for SNI
based virtual hosting.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
esses are really cheap, and one can even use ULA inside of an
Enterprise, or inside the ACP.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
s
> actually require SNI support by the TLS stack. So the proposed text
> could be read as contradicting TLS 1.3. Therefore suggested rewrite
> does not mention TLS versions.
uhm. okay. I don't think that this is confusing.
--
Michael Richardson. o O ( IPv6 IøT consulti
bout. But, it's not an SNI issue. It's a Implicit Trust Anchor or not issue.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima mai
e knew, a year ago, that it would become a cluster of dependancy cycles.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima mailing list
An
Thank you Rob.
I've made three new issues in github for your three levels of comments, and
the authors will attempt to finish this up by week of Jan.31ish.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
ings, and probably my
draft-richardson-anima-registrar-considerations.
**The SNI comment is really the Technical update part**
I'd like the XML to be patched, so whatever gets that done.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and W
o the ASN.1 module.
> The correct section number is 6.2.2.1.
works for me.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Ani
ically, I don’t think that the
> existing text is wrong, but consistently using RFC 2119 keywords may
> add clarity.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
re: https://www.rfc-editor.org/errata/eid7263
I agree that the correct text is:
idevid-issuer: The Issuer value from the pledge IDevID certificate
MUST BE included to ensure unique interpretation of the serial-
number.
--
Michael Richardson. o O ( IPv6 IøT consulting
cher-request+cose? Did we settle on anything there?
I think that I used .vrq, but I don't know if we should standardize that.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: P
erations seem wrong.
What is the TLS hop by hop security?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|IoT architect [
] m...@sandelman.ca http://www.sandelman.ca/|
The design team will not meet on Dec.26 or Jan.2.
It will resume on Jan. 9 at it's usual time of 11am EST or 1600UTC.
There are calendar invites in the WG archives, or you can unicast me for
details.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc
n't work for me last time I tried, but that was many months
ago.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima mailin
ose into MASA and
> manufacturing databases - instead of also having to bother about a
> CA. It might be useful to add a paragraph about this benefit, although
> it is AFAIK not really BRSKI Cloud specific - but it seems like this
> could be even a more common case as peldges
gistrar that supports
> a particular (deviating) certificate type X may then be needed. This
> could be viewed as just a different type of Voucher that needs to be
> supported.
I was hoping (my head in the sand) you wouldn't bring this up :-)
--
Michael Richardson.
it's
wired into the network stack slightly differently.
Why didn't we say this?
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima ma
there is still relevant.
okay, thank for this.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https:/
> In the IANA registry, should this errata report be listed as a second
> reference for "AN_join_registrar"?
I suppose it doesn't hurt.
Seciton 8.7 links to section 4.3 already.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =-
for us.
Yes, I think so.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
ncludes a mechanism to rekey the network that is push.
The problem/reason we have no push mechanism is that we (the IETF) don't
really have a standard datamodel/interface-to-device, while other SDO
verticals do. So adding a new push mechanism is not a big deal.
--
Michael Richardson , Sandelman
scovery now in Section 14. Some content has
Thank you for all the work on this document.
I think that where it says that it updates RFC8366bis, it probably should
just recap what 8366bis says (and that document should say it).
I guess that requires further document coordination work.
--
Michael
o we ever need renewal to go through a proxy ?
It's probably wrong.
If the node has lost so much network that it's no longer on the ACP (or the
IoT network), then it probably should go through onboarding again. It might
have moved, or something happened.
--
Michael Richardson , Sandelman Software Work
Toerless Eckert wrote:
> Check the GRASP text in both drafts, i think the text in
> constrained-join-proxy is more harmfull to move forward than the one in
> constrained-voucher. So i would definitely like to see it removed, or i
> would want to raise concerns about it (which i
Toerless Eckert wrote:
> I don't see a reason why GRASP should not work well on even further
> constrained devices.
I personally found GRASP way easier to implement in a constrained fashion than
mDNS.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT cons
ribe
> a scenario where constrained nodes participate in a full ANIMA ACP.
I'm fine with that, but then let's get it done already.
Code is waiting.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
ocols: "EST-TLS" for RFC 7030.
> It should say:
>objective-value = text ; name of the supported protocol, ; e.g.,
> "EST-TLS" for RFC 7030.
> Regards, Rob
> -Original Message- From: Michael Richardson
> Sent: Thursday, N
>> You may review the report below and at:
>> https://www.rfc-editor.org/errata/eid7576
>>
>> --
>> Type: Editorial Reported by: Michael Richardson
>>
>>
>> S
internet-dra...@ietf.org wrote:
>Title: Join Proxy for Bootstrapping of Constrained Network Elements
> Authors: Michael Richardson Peter van der Stok Panos Kampanakis Name:
> draft-ietf-anima-constrained-join-proxy-15.txt Pages: 26 Dates:
> 2023-11-06
...
&
]
Just email i...@iana.org, and ask them.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
ssed. So if readers come to the linked issues and find them
closed/merged, they should just know that we are making progress.
Or they should protest/disagree.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Descrip
will this get
integrated into supply processes. Definitely a topic for discussion at
IETF118.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
__
I am not aware of any IPR against this document.
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
Brian E Carpenter wrote:
> On 25-Sep-23 07:10, Michael Richardson wrote:
>> Brian E Carpenter wrote:
>> > Certainly, but that depends on humans. We also need filters for github
>> > messages, because if you are subscribed to a repo, you tend to g
of activity on a repo.
yes, Mark Nottingham has a script that sends a weekly summary.
For instance:
https://mailarchive.ietf.org/arch/msg/cellar/26oBDDCLnEXOP4y1r8iUpLje9Hc/
github.com/ietf-github-services/activity-summary
I can enable this for ANIMA if desired.
--
Michael Richardson. o
e to the
list. Do this *before* you reach some conclusion, in order to avoid getting
exhausted.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
NN. Aka: automated reactions must be possible by
> only examining the ErrorNameNNN.
agreed.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
https://github.com/anima-wg/constrained-join-proxy/pull/57
Fries, Steffen wrote:
> A further alternative may be _Join Proxy for Bootstrapping of
> Constrained Network Elements_
This seemed like the best choice, so I've used it.
--
Michael Richardson. o O ( IPv6 IøT cons
onstrained Bootstrapping Protocols
Or even s/Bootstrapping/Onboarding/
but, actually we document both State and Stateless mechanisms.
Please help me fix the title and from that, the abstract.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and
edits for consistency.
Is the WGLC finished then?
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
(artifact is USA spelling)
voucher data: the raw (serialized) representation in whatever format
(JSON, CBOR), without any signature. Maybe be preceeded by
"JSON" or "CBOR"
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software
cifically, we have changes in the $transport-proto
for both, which can vary from IPPROTO_TCP in RFC8995, to IPPROTO_UDP for the
coap methods. Should that be in the table too?
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.
there's still many typos and word omissions that
> could be fixed before moving this document forward to IESG. Not sure if
> that's needed (we can apply the lazy-fix policy and let IESG find them
hah. Let's not.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandel
The Tuesday August 15 meeting has been cancelled because it's a german public
holiday.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
--html
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
tives, each containing exactly one supported protocol.
This one.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima mailing lis
Carsten Bormann wrote:
> Do you want:
>>> objective-value = text ; name of the supported protocol. ; e.g.,
>>> "EST-TLS" for RFC 7030.
Yes, without trailing s, thank you.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sande
Michael Richardson wrote:
> I think it should now say:
> objective-value = text ; name of the supported protocols. ; e.g.,
> "EST-TLS" for RFC 7030.
https://www.rfc-editor.org/errata/eid7576
--
Michael Richardson. o O ( IPv6 IøT consulting )
Toerless Eckert wrote:
> Want to throw a different proposal in the room.
But, here we are trying to clarify a confusion in 8995.
You are trying to propose something new, which wouldn't be in errata.
___
Anima mailing list
Anima@ietf.org
post a new revision and ask IANA
to validate our text.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
On 26-Jul-23 09:06, Michael Richardson wrote:
> Brian E Carpenter wrote:
> > That makes sense, but it probably needs to be normatively specified,
> > which would avoid any need to change RFC 8995, except perhaps an
> > erratum to delete that "(list
document that goes with the value.
> Yes, makes sense.
okay, where do we register it?
constrained-voucher?
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
for Owen to review.
So, I would ask the chairs to consider a WGLC for brski-cloud in August.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
ind the document that goes with the value.
If we do want a registry, it needs to go into one of the two above documents,
I think. I don't want to drag this on longer than it needs to be, because
these documents have taken too long already.
--
Michael Richardson. o O ( IPv6 IøT consult
assurance protocol, but
OTH, it would be nice to do this before the device is accepting onto the
network.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_
Christian =?iso-8859-1?Q?Ams=FCss?= wrote:
> On Thu, Jul 20, 2023 at 02:35:09PM -0400, Michael Richardson wrote:
>> So draft-ietf-anima-constrained-voucher, has some optimizations that
>> can sometimes let the pledge skip the /crts, but why is that
>> int
> As a cose WG “member”, I feel it is slightly weird for anima to
> register that. But you don’t need a draft, I think; a (correctly!)
> filled in registration template sent to IANA should trigger the expert
I agree: it is weird.
--
Michael Richardson. o O ( IPv6 IøT consulti
Christian Amsüss wrote:
> On Wed, Jul 12, 2023 at 05:52:30PM -0400, Michael Richardson wrote:
>> IN section 1.1, without having given a picture of what you are doing
>> you start to say: "The alternative to this constraint is to declare
>> this
versial,
and at this point, I think you hold the lead pen, so I'd encourage you to
just do them.
This document is now like 6+ years old, and it would be nice to get it done
already.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandel
ll us about the math, that the
presentation should explain to us the use case for this work.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_
ad": BASE64URL(ietf-voucher:voucher),
"signatures": [
{
"protected": "BASE64URL(UTF8(JWS Protected Header))",
"signature": "base64encodedvalue=="
}
]
}
--
Michael Richardson.
ost
> worth an errata, since I wouldn't know what to write in a program to
> implement it.
:-)
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
__
send the keys in message 4, or you want to do a new FETCH
on some some new resource to get them.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_
es can not hold
certificates. Yet, they are being installed into devices by the billions today.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP sig
status and edit the report, if necessary.
Sure, it's an improvement.
It seems entirely editorial, so "Hold for Document Update"
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP
for
> Github issue created for this. I could create a PR to show how it may
> look like.
> Any opinions on this?
I prefer to get it done sooner than done better, but not everyone will agree
with that.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT con
Esko Dijk wrote:
> Because there's new text being added; I've reviewed this as well. Below
> my findings. I would prefer if the WG could fix this as part of the
> WGLC work.
okay!
https://github.com/anima-wg/brski-cloud/issues/40
--
Michael Richardson , Sandelman Softw
Brian E Carpenter wrote:
> Now draft-ietf-lamps-rfc7030-csrattrs is a downref, which needs to be
> mentioned in the shepherd's write-up.
It's unstuck as of yesterday.
I think it could be WGLC by the end of the summer.
--
Michael Richardson , Sandelman Software Works
-= IP
rom Registrar to MASA which you have to design and
document. And you mention SZTP, and it doesn't have that link.
I think that there are better ways to do accomplish the configuration, such
as extending the BRSKI-EST link with new actions.
--
Michael Richardson , Sandelman Software Works
-
bits. Using bits is probably a failure.
Probably you need an IANA registry of posture definitions, and it probably
needs to have an integer per item. There is probably need to have vendor
extensions, probably by PEN.
--
Michael Richardson , Sandelman Software Works
-= IPv6 IoT
o be wrapped up into onboarding, but
I don't think it can be done WITHIN the voucher, which is what I'm guessing
you have done.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@san
SCORE context with a symmetric key can count.
You have latched onto getting an LDevID without using EST.
Agreed: you don't need EST, you can use any other enrollment protocol you
want, and the BRSKI-AE document is about using CMP, for instance.
--
Michael Richardson. o O ( IPv6 IøT consulting )
ithout an LDevID?
I wouldn't call it an LDevID.
You don't need to do EST and ask for an LDevID.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_
understand properly, but I think yes, ANIMA expects LDevID for
> onboarded devices, so if you're building ACP using ACE crypto it should
> be fine.
I see no reason the (provisional)[D}TLS connection between Pledge and Registrar
can't be used to initialize a symmetric key for
discussion to share some lessons and recommend some best
practices. A number of IETF models are interdependent across WGs and benefit
from some coordination/consultation. Consider further tools and approaches to
benefit the entire community.
--
Michael Richardson. o O ( IPv6 IøT consulting
able to do signatures for mechanisms running on
the system containing the southbound interface. It could be embedded in a
secure element, as long as it can satisfy the needs of the southbound AKE
(whether that's (D)TLS or EDHOC).
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelm
ate 2022.
I think that the comments were part of the WGLC, so I suspect that the
document is now done WGLC.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Descript
internet-dra...@ietf.org wrote:
> Diff:
>
https://author-tools.ietf.org/iddiff?url2=draft-richardson-anima-registrar-considerations-07
The document was due for renewal, and I tried to add some text about how a
composite architecture may make PoP on the U_w/W (BRSKI-MASA) side difficult
Esko Dijk wrote:
> It could also be named +josejson or +jose-json then ? Not as nice as
> +jws but at least more relatable to the original media type name.
It seems like less of a good idea, but I'm not opposed to it.
--
Michael Richardson. o O ( IPv6 IøT cons
advise. While we have lots of running code (since 2018) for
voucher-jws, it's a
change we could probably make via Postel Principal.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
s://www.rfc-editor.org/info/std96 (RFC9052)
Encoding considerations: COSE is always encoded as CBOR, which is binary
Interoperability considerations: None
Fragment identifier considerations: N/A
Security considerations: as per RFC9052, section 12
Contact: IETF COSE WG
Author/Change controller: IESG
automatically make it
alive,
> but that does not appear to be the case.
I've asked supp...@ietf.org.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_
of ACE.
The AS == Registrar, I think.
Or, perhaps the AS uses a key that the local CA (mediated by the Registrar as
a trust anchor, /cacerts) has blessed in some way. How that works is TBD.
--
Michael Richardson. o O ( IPv6 IøT consulting )
internet-dra...@ietf.org wrote:
> directories. This Internet-Draft is a work item of the Autonomic
Networking
> Integrated Model and Approach (ANIMA) WG of the IETF.
> Title : Constrained Join Proxy for Bootstrapping Protocols
> Authors : Michae
st anchors.
For a PC, my notion is that BRSKI would not be used for the main CPU, but
rather for the BMC.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_
> EST, and EST being explicitly mentioned several times in that context..
Do people implementing the CMP-AE need to know what EST is in detail?
That doesn't jive with me. I think it can stay informative, but it's really
a quibble.
--
Michael Richardson. o O ( IPv6 IøT consulting )
1 - 100 of 1077 matches
Mail list logo
