Hi,

This is interesting (technically out of scope for
"professionally managed" networks, perhaps).

> 5.3.  Connect to BRSKI join network
....
> Receipt of an answer confirms that the
>    ESSID is correct and present.

Or a forged clone? If you are relying on the AR's IID
value for this, perhaps you need to specify that it must
be a pseudo-random value per RFC8064. Even so, there must
be a residual risk of a forgery.

....
>  (XXX - not using GRASP here.  Could use GRASP, but QR code is better)

You could use GRASP, but the AR is not a real registrar yet, so
IMHO it MUST NOT support the "AN_join_registrar" objective.
I think you'd need a short-lived "AN_adolescent_registrar"
objective, and you'd still need to check the link-local address,
so there would really be no advantage.

> 5.12.  Adolescent Registrar (AR) grows up
....
>    The AR is now considered a full registrar.  The AR now takes on the
>    role of Registrar.

Presumably at this point it does support GRASP "AN_join_registrar"?

Regards
   Brian Carpenter

On 12-Mar-19 06:43, [email protected] wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> 
> 
>         Title           : BRSKI enrollment of with disconnected Registrars -- smarkaklink
>         Authors         : Michael Richardson
>                           Jacques Latour
>                           Faud Khan
>                           Abhishek Joshi
>       Filename        : draft-richardson-anima-smarkaklink-00.txt
>       Pages           : 22
>       Date            : 2019-03-11
> 
> Abstract:
>    This document details the mechanism used for initial enrollment using
>    a smartphone of a BRSKI Registrar system.
> 
>    There are two key differences in assumption from
>    [I-D.ietf-anima-bootstrapping-keyinfra]: that the intended registrar
>    has Internet, and that the Pledge has no user-interface.
> 
>    This variation on BRSKI is intended to be used in the situation where
>    the registrar device is new out of the box and is the intended
>    gateway to the Internet (such as a home gateway), but has not yet
>    been configured.  This work is also intended as a transition to the
>    Wi-Fi Alliance work on the Device Provisioning Protocol (DPP).
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-richardson-anima-smarkaklink/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-richardson-anima-smarkaklink-00
> https://datatracker.ietf.org/doc/html/draft-richardson-anima-smarkaklink-00
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> I-D-Announce mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> 

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima