> On 11 Oct 2019, at 13:04, Michael Richardson <mcr+i...@sandelman.ca> wrote:
>
> Eliot Lear <l...@cisco.com> wrote:
>> Before we nail this down, it seems like we need to have a discussion
>> about how best to onboard wired IoT devices in particular from an
>> on-prem view. The issue here is that EAP-TLS-PSK is useful for that
>> purpose, as we discussed. Now there is nothing particularly special
>> about PSK and we could run with a naked public key pair as well in 1.3,
>> but we have to choose something.
>
> okay, so why do you prefer PSK?

I do not. But we need to have *a* flow for on prem onboarding. TLS-PSK is one approach, but there are others. I just want a discussion before we nail this down, as I wrote.

>> The fundamental question is what does
>> a manufacturer stamp into the device and what is placed on a label. We
>> have a running example of DPP doing this for wireless with public key
>> code, but that doesn’t get us to proper onboarding for wired – the
>> signaling just isn’t there.
>
> I don't understand this.
> Are you saying that because it's wired, people do not expect to scan
> anything?

No, quite the opposite - I’m saying that there is at least one way to do this with Wifi, but no way to do this for wired right now, and we need one.

Eliot

> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | network architect [
> ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu