Eric Rescorla <e...@rtfm.com> wrote:
    mcr> How can they join the victim's network, if the point of the
    mcr> enrollment is to provide the device with keys to be able to join the
    mcr> victim's network?

    > Ah, now I think we're getting somewhere. I had understood the point of
    > the enrollment in this context to be to get it to join the ANIMA
    > fabric, not necessarily the physical network (hence why we have ACP,
    > etc.)

    > Am I just totally missing the point here?

Yes, in the BRSKI context of ISP provisioned autonomic networks, it's to join
the ACP fabric. If it's a BFR/etc. then it joined the physical network by
being physically plugged in. The port that it is physically plugged into
might have some protection. We also imagine that there are only two devices
on that piece of (dark?) fiber.

We don't think that audit-vouchers will be used for larger value equipment.

In other contexts (6tisch, light bulbs), which are wireless, there has to
be some "join" network on which the device connects. The details of that are
not in the voucher document, because it has to be in the specifics of the
network.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-