Explain EDHOC or alternatives as OSCORE boostraps, add citations for …

…the ACE profiles
anr-bmbf-pivot · Feb 22, 2024 · e293e31 · e293e31
1 parent 3a5c489
commit e293e31
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/draft-lenders-core-dnr.md b/draft-lenders-core-dnr.md
@@ -70,6 +70,8 @@ informative:
     author:
       org: OMA SpecWorks
     target: https://omaspecworks.org/white-paper-lightweight-m2m-1-1/
+  I-D.ietf-ace-edhoc-oscore-profile: ace-edhoc
+  RFC9203: ace-oscore
 
 --- abstract
 
@@ -102,8 +104,13 @@ CoAP comes with 3 security modes that would need to be covered by the SvcParams:
   transfered over TCP {{-coap-tcp}}.
 - **Object Security:** Application-layer based object encryption within CoAP based on OSCORE
   {{-oscore}}. OSCORE can be either used as an alternative or in addition to transport security.
-  EDHOC {{-edhoc}} is used to establish the encryption context between two hosts and OSCORE-ACE
-  [citation?] can be used for authentication of a server.
+
+  OSCORE keys are not usable indefinitely and need to be set up,
+  for example through an EDHOC key exchange {{-edhoc}},
+  which may use credentials from trusted authorization server (AS)
+  as described in the ACE EDHOC profile {{-ace-edhoc}}.
+  As an alternative to EDHOC,
+  keys can be set up by such an AS as described in the ACE OSCORE profile {{-ace-oscore}}.
 
 ## Problems