SPAKE, DTLS and passwords

Joseph Reynolds jrey at linux.ibm.com
Wed Oct 6 01:50:01 AEDT 2021



On 10/4/21 4:47 PM, Michael Richardson wrote:
> Joseph Reynolds <jrey at linux.ibm.com> wrote:
>      > The planned IPMI over DLTS function will have certificate-based
>      > authuentication.
>
> Do you mean that the server will be authenticated with a certificate, or that
> it will use mutual authentication?

I understand this means mutual-TLS.
Based on the gerrit design: 
https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/31548/4/designs/ipmi-over-dtls.md

Note that design also says the server will have an identity certificate; 
same as the HTTPS certificate described in 
https://github.com/openbmc/bmcweb/blob/master/README.md

Joseph

...snip...

> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
>
>



More information about the openbmc mailing list