Open malishav opened 2 months ago
OLD:
During initial enrollment, the EST-oscore client and server run EDHOC [RFC9528] to authenticate and establish the OSCORE Security Context used to protect the messages carrying EST payloads.
NEW:
The enrollment using EST-oscore is based on the existence of an OSCORE Security Context protecting the EST payloads. This Security Context is typically established through an EDHOC session preceding the initial enrollment. Re-enrollment does not require a new EDHOC session.
Based on @EskoDijk's review in https://mailarchive.ietf.org/arch/msg/ace/I70MHcCzSfPIy28lDqxEOcllgJw/:
Is EDHOC only run during the initial / first enrollment – and then never again? Or does it in some cases need to be “refreshed” before doing a re-enrollment?