Hi Ludwig,

Ludwig Seitz <[email protected]> writes:

> On 2017-06-24 02:00, Jim Schaad wrote:
>> * We communicate the profile to be used to the client, however it is not
>> currently being communicated to the server. If the server wants to keep the
>> OSCOAP and DTLS keys separate, this needs to be done. Does it make sense
>> to put this in the 'cnf' field?
>>
>
> My perhaps naive assumption was that the profile should be obvious to
> the server, since the client will initiate the communication
> accordingly e.g. send an OSCOAP message if the OSCOAP profile is to be
> used, or start a DTLS handshake if the DTLS profile is to be used.
>
> If we were to tackle this, how would we signal the profile to the
> server? Securely sending messages to the server already implies the
> use of a specific profile, so it seems like a hen-and-egg problem to
> me.

Related to another issue, we had briefly discussed the possibility
that the entity that contacts the AS is not the client that seeks to
contact the RS. Where this is the case, there is no reason to assume
that the security protocol used to retrieve the access token from the
AS is the same that is used for the communication between C and RS.

A profile might want to explicitly forbid this practice, though.

Regards
Olaf

_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
