Re: [Ace] draft-ietf-ace-coap-est-00

peter van der Stok <stokcons@xs4all.nl> Wed, 14 March 2018 08:18 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: draft-ietf-ace-coap-est@ietf.org, ace@ietf.org

>     >> * Should probably add a note in section 6 that any proxy that terminates
>     >> the DTLS connection is going to be required to act as an RA.  RAs are
>     >> required to have the entire request for adding authentication as necessary.
> 
>     > This is visible in the figure of section 6, but needs elaboration in the
>     > text.
> 
> I don't understand why we have that paragraph.
> An end point that terminates the Pledge (D)TLS connection and acts as
> an RA *IS* a Join Registrar, not a Proxy.
> 

This is outside the BRSKI context, and thus a proxy with RA (separate or not)