OSCORE over coap at server side #727

Closed
sbernard31 opened this issue Aug 12, 2019 · 6 comments
@sbernard31
Contributor

Here we discuss how to integrate OSCORE over CoAP at the server side.

Some ideas I have in mind:
A Leshan server user wants to say that a device with the endpoint "mydevice" should communicate in OSCORE. So he creates a new SecurityInfo("mydevice", oscore identifier ....) and I add it to the security store.

When a device uses OSCORE, we could imagine that this is visible in the endpoint context. From this we create the corresponding identity, then the authorizer is responsible for checking whether this device should connect using OSCORE and whether it uses the right OSCORE parameter (looking in the security store).

For sending requests we should also put pertinent data in the endpoint context, like we do here

The idea is to do pretty much the same as we did for DTLS with PSK.

(@rikard-sics tell me if it makes sense)
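
The authorizer check sketched in the comment above, as an added example that is not part of the thread and not Leshan code. The class, record and method names are hypothetical, the OSCORE identifier is a constructed sample, and allowing unprotected traffic for endpoints with no store entry is an assumption.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Hypothetical model, not Leshan's API: all names and fields are assumptions.
public class OscoreAuthorizerSketch {

    // What the operator registers for an endpoint: the OSCORE identifier expected from it.
    record OscoreSecurityInfo(String endpoint, byte[] oscoreId) {}

    // What the transport layer reports for a request (the "endpoint context" role);
    // oscoreId is null when the request was not protected with OSCORE.
    record PeerIdentity(byte[] oscoreId) {
        boolean isOscore() { return oscoreId != null; }
    }

    private final Map<String, OscoreSecurityInfo> securityStore = new HashMap<>();

    void add(OscoreSecurityInfo info) { securityStore.put(info.endpoint(), info); }

    // Same decision shape as for DTLS PSK: the endpoint name claimed in the request
    // must be consistent with the credentials the request actually arrived with.
    boolean isAuthorized(String endpoint, PeerIdentity peer) {
        OscoreSecurityInfo expected = securityStore.get(endpoint);
        if (expected == null) {
            // Assumption: no store entry means the endpoint is unsecured, so an
            // OSCORE context belonging to some other endpoint must not be accepted.
            return !peer.isOscore();
        }
        // Endpoint is bound to OSCORE: refuse plain CoAP (downgrade) and foreign contexts.
        return peer.isOscore() && Arrays.equals(expected.oscoreId(), peer.oscoreId());
    }

    public static void main(String[] args) {
        OscoreAuthorizerSketch authorizer = new OscoreAuthorizerSketch();
        authorizer.add(new OscoreSecurityInfo("mydevice", new byte[] {0x01})); // constructed sample

        // Matching OSCORE context for the registered endpoint.
        System.out.println(authorizer.isAuthorized("mydevice", new PeerIdentity(new byte[] {0x01})));
        // Plain CoAP request claiming an endpoint that is bound to OSCORE.
        System.out.println(authorizer.isAuthorized("mydevice", new PeerIdentity(null)));
        // OSCORE request using a different context than the one registered.
        System.out.println(authorizer.isAuthorized("mydevice", new PeerIdentity(new byte[] {0x02})));
        // A valid context used to claim an endpoint name it was not registered for.
        System.out.println(authorizer.isAuthorized("other", new PeerIdentity(new byte[] {0x01})));
    }
}
```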

@rikard-sics
Contributor

> The idea is to do pretty much the same as we did for DTLS with PSK.

Yes, I think the points you outline make a lot of sense. Especially trying to make the OSCORE functionality mirror how things are done for DTLS PSK.

sbernard31 added the "new feature" and "server" labels on Aug 14, 2019
sbernard31 added this to the 2.0.0 milestone on Aug 14, 2019
@rikard-sics
Contributor

rikard-sics commented Oct 31, 2019

I have now created a PR for setting an identity and matching the identity when using OSCORE here: #766

One thought I had was that long-term we could have something like the PskStore but for OSCORE contexts, rather than the OscoreHandler used now.

@rikard-sics
Contributor

I have now created a PR to add support for OSCORE communication to the bootstrap server also. See #857

@rikard-sics
Contributor

I have now created a PR #919 to enable the client bootstrapping to receive OSCORE security material.

@sbernard31
Contributor Author

With #1277 integrated in master and missing work listed at #725 (comment).

Maybe we can close this one too?
@rikard-sics WDYT?

@rikard-sics
Contributor

rikard-sics commented Jul 11, 2022

> Maybe we can close this one too?
> @rikard-sics WDYT?

Yeah, I think so. There are other issues like #725 we can continue the discussions in.
