Peter van der Stok
2017-08-03 09:03:13 UTC
Hi all,
Possibly there has already been a discussion on the relation between the
drafts
selander-ace-cose-ecdhe (EDHOC) and ietf-core-object-security (OSCOAP).
In that case my apologies.
If I understand correctly, EDHOC together with OSCOAP provide security
at the application layer, using COSE, the same way as DTLS and TLS do at
the transport layer by creating a common secret and using that for the
communication.
The OSCOAP draft describes that an alternative to EDHOC can be provided by
using the proposed oauth-authz protocol.
That alternative to EDHOC, in my understanding, motivates the separation
of the two drafts: EDHOC and OSCOAP.
However, I assume that a browser that supports coaps by using OSCOAP
instead of DTLS will also use EDHOC.
For 6tisch, the EALS protocol, described in selander-ace-eals, also uses
both protocols, EDHOC and OSCOAP.
In OSCOAP the importance of EDHOC to OSCOAP is described, but the EDHOC
draft summarily refers to OSCOAP and then uses it for the
implementation.
Unless my understanding is completely wrong, may I suggest that both
drafts provide normative references to each other and explain this tight
coupling. A logical consequence is then that both drafts form a package to
be brought to RFC together.
Looking forward to being corrected,
Peter
--
Peter van der Stok