Eliot Lear <l...@cisco.com> wrote: >> Eliot Lear <l...@cisco.com> wrote: >>> Before we nail this down, it seems like we need to have a discussion >>> about how best to onboard wired IoT devices in particular from an >>> on-prem view. The issue here is that EAP-TLS-PSK is useful for that >>> purpose, as we discussed. Now there is nothing particularly special >>> about PSK and we could run with a naked public key pair as well in >>> 1.3, but we have to choose something. >> >> okay, so why do you prefer PSK?
> I do not. But we need to have *a* flow for on prem onboarding. > TLS-PSK is one approach, but there are others. I just want a > discussion before we nail this down, as I wrote. >> >>> The fundamental question is what does a manufacturer stamp into the >>> device and what is placed on a label. We have a running example of >>> DPP doing this for wireless with public key code, but that doesn’t >>> get us to proper onboarding for wired – the signaling just isn’t >>> there. >> >> I don't understand this. Are you saying that because it's wired, >> people do not expect to scan anything? > No quite the opposite- I’m saying that there is at least one way to do > this with Wifi, but no way to do this for wired right now, an we need > one. So, can wired just be a degenerate version of wifi, where there can be only one "ESSID", and there are no beacons to consider? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
Description: PGP signature
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu