Brian E Carpenter <[email protected]> wrote: >> Confused about this last comment. MichaelR pointed out the case of a >> legacy network management platform, where you can easily add GRASP, >> but not ACP support. I concur with this view: We saw this a lot in >> customer deployment discussions. >> >> When you say "during initialization of nodes", Brian, do you mean of >> management stations or of nodes out there in the network?
> It's supposed to mean *before* the node has a valid certificate,
> i.e. no kind of security can be made to work. So we're talking about
> milliseconds to seconds of exposure, I hope, while BRSKI does its job.
This is not at all what I'm talking about.
>> In my understanding I would have written something like "until network
>> management systems can be upgraded to full ACP support ..."
> Right, that's a different type of transition... but there wouldn't we
> want to insist on (D)TLS or something like that? (Which again assumes
> certificates are available.)
That's what I'm talking about.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
