Eric Rescorla <e...@rtfm.com> wrote:
mcr> How can they join the victim's network, if the point of the
mcr> enrollment is to provide the device with keys to be able to join the
mcr> victim's network?
> Ah, now I think we're getting somewhere. I had understood the point of
> the enrollment in this context to be to get it to join the ANIMA
> fabric, not necessarily the physical network (hence why we have ACP,
> etc.)
> Am I just totally missing the point here?
Yes, in the BRSKI context of ISP provisioned autonomic networks, it's to join
the ACP fabric.
If it's a BFR/etc. then it joined the physical network by being physically
plugging in.
The port that it is physically plugged into might have some protection.
We also imagine that there are only two devices on that piece of (dark?) fiber.
We don't think that audit-vouchers will be used for larger value equipment.
In other contexts, (6tisch, light bulbs) which are wireless, then there has
to be some "join" network on which the device connects. The details of that
are not in the voucher document, because it has to be in the specifics of the
network.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
