On Mon, Apr 4, 2016 at 7:39 AM, Peter Gutmann <[email protected]> wrote:
> Watson Ladd <[email protected]> writes:
>
>>Why can't embedded devices use certificates?
>
> Because they have neither a DNS name nor a fixed IP address. I ran into this
> just last week with a customer, they couldn't use certs for their embedded
> devices and couldn't use PSK because the browser vendors have chosen not to
> support it. As a result, they abandoned the use of TLS altogether and went
> with SSH.

Actually, PKI certs are not required. There is an extension to support
use of bare keys for authentication. And if you can provision with a
shared secret, you can provision with a private key.

>
> Peter.

--
"Man is born free, but everywhere he is in chains".
--Rousseau.
