> On 11 Oct 2019, at 13:04, Michael Richardson <mcr+i...@sandelman.ca> wrote:
> Eliot Lear <l...@cisco.com> wrote:
>> Before we nail this down, it seems like we need to have a discussion
>> about how best to onboard wired IoT devices in particular from an
>> on-prem view.  The issue here is that EAP-TLS-PSK is useful for that
>> purpose, as we discussed.  Now there is nothing particularly special
>> about PSK and we could run with a naked public key pair as well in 1.3,
>> but we have to choose something.
> okay, so why do you prefer PSK?

I do not.  But we need to have *a* flow for on prem onboarding.  TLS-PSK is one 
approach, but there are others.  I just want a discussion before we nail this 
down, as I wrote.

>> The fundamental question is what does
>> a manufacturer stamp into the device and what is placed on a label.  We
>> have a running example of DPP doing this for wireless with public key
>> code, but that doesn’t get us to proper onboarding for wired – the
>> signaling just isn’t there.
> I don't understand this.
> Are you saying that because it's wired, people do not expect to scan
> anything?

No quite the opposite- I’m saying that there is at least one way to do this 
with Wifi, but no way to do this for wired right now, an we need one.


> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    
> [

Attachment: signature.asc
Description: Message signed with OpenPGP

Emu mailing list

Reply via email to