registration
1、"Trusted Device Authorities" in RiHello
"The parameter is not sent if the RI already has the Device's certificate";
If the parameter is present, "the Device MUST choose a certificate chaining back to one of the recognised trust anchors".
In a chain of trust, the top entity to be trusted usually becomes the trust anchor; it can be, for example, a certificate authority (CA). (http://en.wikipedia.org/wiki/Trust_anchor)
The trust anchor for a digital certificate is the root certificate authority (CA). (http://en.wikipedia.org/wiki/Chain_of_trust)
2、"Peer Key Identifier" in RiHello
"If the RI has stored the Device public key the RI MUST use this extension in the ROAP-RIHello."
"If the identifier matches one of the Device ID’s in the preceding DeviceHello message, it means the RI has already stored that Device ID and the corresponding Device certificate chain".
3、"Certificate Caching" in RiHello
"this extension indicates to the Device that the RI has the capability to store information about the Device certificate".
4、"Certificate Chain" in RegistrationRequest
"This parameter MUST be present unless the preceding ROAP-RIHello message contained the Peer Key Identifier extension and its value identified the key in the Device's current certificate".
If item 1 is present, "the Device MUST select a Device certificate and chain which chains back to one of the trust anchors indicated by the RI".
5、"Trusted RI Authorities" in RegistrationRequest
6、"Peer Key Identifier" in RegistrationRequest
The Device MUST send it "if, and only if, it has stored the RI public key corresponding to the RI ID in the preceding RI Hello message."
7、"No OCSP Response" in RegistrationRequest
Indicates that "the Device has cached a complete set of valid OCSP responses for this RI".
The Device MUST send it "if, and only if, it has a complete set of valid OCSP responses for the RI certificate chain".
8、"OCSP Responder Key Identifier" in RegistrationRequest
The Device MUST send it "if, and only if, it has stored an OCSP Responder key for this RI".
9、"Certificate Chain" in RegistrationResponse
"This parameter MUST be present unless the preceding ROAP-RegistrationRequest message contained the Peer Key Identifier extension, the extension was not ignored by the RI, and its value identified the RI's current key."
When item 5 is present, "the RI SHOULD select a certificate and chain which chains back to one of the trust anchors".
10、"OCSP Response" in RegistrationResponse
"be a complete set of valid OCSP responses for the RI's certificate chain".
"This parameter will not be sent" if item 7 is present.
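
The presence rules in items 4, 6, 7, 8, 9 and 10, written out as decision logic for both sides of the exchange. This is an added example, not code from the OMA specification or from any ROAP implementation; the class names, dictionary keys and key/certificate labels are hypothetical, and taking the first matching chain is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class RIHello:  # only the RiHello fields these notes cover
    ri_id: str
    trusted_device_authorities: Optional[list] = None  # item 1
    peer_key_identifier: Optional[str] = None          # item 2

@dataclass
class DeviceState:  # hypothetical device-side store
    current_key_id: str
    chains: dict                                             # trust anchor -> Device chain
    stored_ri_keys: dict = field(default_factory=dict)       # ri_id -> RI key id
    valid_ocsp_for: set = field(default_factory=set)         # ri_ids with a complete valid set
    ocsp_responder_keys: dict = field(default_factory=dict)  # ri_id -> responder key id

def build_registration_request(hello, dev):
    req, ext = {"extensions": {}}, {}
    # Item 4: chain is omitted only if the RI named the Device's current key.
    if hello.peer_key_identifier != dev.current_key_id:
        anchors = hello.trusted_device_authorities
        # With item 1 present, only chains ending at an RI-listed anchor qualify.
        usable = dev.chains if anchors is None else {
            a: dev.chains[a] for a in anchors if a in dev.chains}
        if not usable:
            raise ValueError("no Device chain reaches a trust anchor the RI accepts")
        req["certificate_chain"] = next(iter(usable.values()))
    # Items 6-8: each extension is sent if, and only if, the state is stored.
    if hello.ri_id in dev.stored_ri_keys:
        ext["peer_key_identifier"] = dev.stored_ri_keys[hello.ri_id]
    if hello.ri_id in dev.valid_ocsp_for:
        ext["no_ocsp_response"] = True
    if hello.ri_id in dev.ocsp_responder_keys:
        ext["ocsp_responder_key_identifier"] = dev.ocsp_responder_keys[hello.ri_id]
    req["extensions"] = ext
    return req

def build_registration_response(req, ri_key_id, ri_chain, ocsp_set, honour_peer_key=True):
    ext, resp = req["extensions"], {}
    # Item 9: chain omitted only if the extension was honoured and names the RI's current key.
    if not (honour_peer_key and ext.get("peer_key_identifier") == ri_key_id):
        resp["certificate_chain"] = ri_chain
    # Item 10: OCSP responses are not sent when item 7 was present.
    if not ext.get("no_ocsp_response"):
        resp["ocsp_response"] = ocsp_set
    return resp

if __name__ == "__main__":  # constructed sample: first contact, RI accepts only CA-B
    dev = DeviceState("dev-key-1", {"CA-A": ["dev-cert-a", "CA-A"], "CA-B": ["dev-cert-b", "CA-B"]})
    print(build_registration_request(RIHello("ri-1", ["CA-B"]), dev))
```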