SPAKE, DTLS and passwords
Michael Richardson
mcr at sandelman.ca
Wed Oct 6 02:09:21 AEDT 2021
Joseph Reynolds <jrey at linux.ibm.com> wrote:
> On 10/4/21 4:47 PM, Michael Richardson wrote:
>> Joseph Reynolds <jrey at linux.ibm.com> wrote:
>> > The planned IPMI over DLTS function will have certificate-based
>> > authuentication.
>>
>> Do you mean that the server will be authenticated with a certificate, or that
>> it will use mutual authentication?
> I understand this means mutual-TLS.
> Based on the gerrit design:
> https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/31548/4/designs/ipmi-over-dtls.md
So, why is a password needed?
> Note that design also says the server will have an identity certificate; same
> as the HTTPS certificate described in
> https://github.com/openbmc/bmcweb/blob/master/README.md
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20211005/3c7697fe/attachment.sig>
More information about the openbmc
mailing list