Does objectsecurity='edhoc' imply CA based? Probably for lack of othe…

…r indications.
anr-bmbf-pivot · Feb 23, 2024 · 5d7f56e · 5d7f56e
1 parent ab9e003
commit 5d7f56e
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/draft-lenders-core-dnr.md b/draft-lenders-core-dnr.md
@@ -248,6 +248,9 @@ svc-params:
  - port=61616
 ~~~~~~~~
 
+The use of objectsecurity="edhoc" with an authenticator-domain-name and no further ACE details indicates
+that the client can use CA based authentication of the server.
+
 ## DoC over ACE-OSCORE
 Using ACE, we require an OAuth context to authenticate the server in addition to the
 “objectsecurity” key. We propose three keys “oauth-aud” for the audience, “oauth-scope” for the