Re: secure HTTPS redirect - encoding a new trust anchor?

On 13 August 2015 at 07:57, Kent Watsen <kwatsen@juniper.net> wrote:
> I'm good with an over-the-top solution, but do you think we can cleanly
> embed a certificate in the message body of an HTTP redirect message? -
> what would the Content-Type be?    If not, then we'd have to define an
> explicit resource to get the secure redirect information (both the
> hostname and certificate) - this is definitely doable, though it seems a
> bit clumsy, what do you think?


I don't think that you want to use a redirect.  How about plain old
JSON with a shiny new content-type of your own invention:

{
   "gohere": "https://url.example...",
   "butfirstusethese": {
     "trustanchors": "a PEM-encoded certificate"
   }
}

That's not generic, but it's not unreasonable for the device to
natively support a little more protocol machinery in order to avoid
having to be manually configured.

p.s., Ted pointed me at:
https://tools.ietf.org/html/draft-ietf-netconf-zerotouch, it seems
like you have most of the infrastructure there already.

Received on Thursday, 13 August 2015 16:34:37 UTC
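
Added example, not part of the original message or of any draft: one way a device could handle the JSON sketched above, rejecting anything that is not an https URL plus exactly one PEM certificate, and building a TLS context that trusts only that certificate. The function names, the sample URL and the placeholder certificate body are assumptions, and the sketch assumes the document itself arrived over a channel the device already authenticates.

```python
import json
import ssl
from urllib.parse import urlsplit

# Constructed sample. Field names are from the message; the URL and the
# certificate body are placeholders, not a real endpoint or certificate.
SAMPLE = json.dumps({
    "gohere": "https://bootstrap.example/config",
    "butfirstusethese": {
        "trustanchors": "-----BEGIN CERTIFICATE-----\n"
                        "Q09OU1RSVUNURUQ=\n"
                        "-----END CERTIFICATE-----\n",
    },
})


def parse_redirect(body):
    """Return (url, hostname, pem); raise ValueError on anything unexpected."""
    try:
        doc = json.loads(body)
        url = doc["gohere"]
        pem = doc["butfirstusethese"]["trustanchors"]
    except (json.JSONDecodeError, KeyError, TypeError) as exc:
        raise ValueError("malformed redirect document") from exc
    if not isinstance(url, str) or not isinstance(pem, str):
        raise ValueError("gohere and trustanchors must be strings")
    parts = urlsplit(url)
    # Refuse downgrade to plain HTTP and URLs that smuggle credentials.
    if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
        raise ValueError("gohere must be an https URL without userinfo")
    # The sketch carries a single certificate; reject bundles and bad framing.
    if pem.count("-----BEGIN CERTIFICATE-----") != 1:
        raise ValueError("expected exactly one PEM certificate")
    ssl.PEM_cert_to_DER_cert(pem.strip())  # ValueError if framing/base64 is bad
    return url, parts.hostname, pem


def pinned_context(pem):
    """TLS client context that trusts only the supplied anchor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED, hostname check on
    ctx.load_verify_locations(cadata=pem)  # needs a real certificate, unlike SAMPLE
    return ctx  # use for this one hostname only; never add to the system store


if __name__ == "__main__":
    print(parse_redirect(SAMPLE)[:2])
```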