EST-coaps as application over COAP (Klaus WGLC review 2/12/2019)

[csosto-pk]

2. "Therefore, this specification utilizes DTLS [RFC6347], CoAP [RFC7252] and UDP instead of TLS [RFC8446], HTTP [RFC7230] and TCP." -- Is there a technical reason why EST could not be done over CoAP over TCP, TLS, WebSockets, or SMS? I understand that it was fashionable at some point to fork a protocol like HTTP, layer some stuff on top of it and call it a new protocol. However, I would strongly recommend that EST-coaps is presented as an application that is strictly layered on top of CoAP and doesn't define its own custom protocol stack.

[csosto-pk]

However, I would strongly recommend that EST-coaps is presented as an application that is strictly layered on top of CoAP and doesn't define its own custom protocol stack.

The goal was to run EST over COAP over a secure transport which by definition is DTLS.

We will make sure we update the text (Figure 1, Section 2, 4 and 5) to make sure that it does not look like EST-coaps defines its own custom protocol stack.

[mcr]

If someone wants to write a document that says, "RFCXXXX is ace-coap-dtls, using CoAP over TCP with TLS", then they can do that. That's not our goal. And we aren't trying to be so general that nobody knows what to implement.

[csosto-pk]

We made some changes to reflect that EST-coaps does not define its own transport or protocol stack. We changed Figure 1 to

+------------------------------------------------+ | EST request/response messages | +------------------------------------------------+ | CoAP for message transfer and signaling | +------------------------------------------------+ | Secure Transport | +------------------------------------------------+

We also updated text to

Therefore, this specification utilizes DTLS [RFC6347] and CoAP [RFC7252] and UDP instead of TLS [RFC8446] and HTTP [RFC7230].

We also updated text to say

EST-coaps depends on a secure transport mechanism that secures the exchanged CoAP messages. DTLS is one such secure protocol.