Closed malishav closed 4 months ago
Section 5 of RFC9148 indeed discusses the HTTPS-CoAPs "Registrar" which acts as a HTTP-CoAP proxy and enables the EST-server to talk only HTTP/TLS. While RFC9148 mentions a possibility of encrypting server-generated keys end-to-end using CMS object security, it does not mandate it. RFC9148 does not mention recommendations on this architecture.
@mcr: Do you have an opinion on this issue?
I agree that server generated keys MUST NOT be visible to a proxy. I don't think that this should make outlaw server generated keys, if they can be secured end-to-end. That RFC9148 is allowed to rely upon transport security is acceptable, because there is transport security. If EST-OSCORE can not provide end to end transport security, then I agree, it must mandate CMS object security, or it must forbid server generated keys.
Agree with what (I think) the IETF 118 WG consensus was: to not update RFC 9148 on this aspect.
Although it may not be advisable to use this "proxy" architecture i.e. "Registrar" of section 5, the underlying idea of it was that the "Registrar" is a trusted component of the PKI infrastructure just like a BRSKI Registrar (RA) is or an EST Server (RA) is. So it's not like a generic CoAP-to-HTTP proxy that would suddenly learn the deepest secrets of the network.
In some deployments, the Registrar may be co-located on the EST server even. This is handy to add CoAP to the EST server without needing to mess with the original codebase of the EST server.
IETF 118 consensus on this issue was not to update RFC 9148 on recommendations regarding the "proxy" architecture. Closing.
From John Mattsson's review (https://mailarchive.ietf.org/arch/msg/ace/h85KdNLkMxqzCZjJlY-fGlPEyVw/):