Hi Michael,
> > Owen, do we have a need to recognize that a device needs to perform > onboarding again after a movement? > > i.e. device A enrolls on network 1, gets an LDevID usable on network 1, > uses that with EAP-FOOBAR. > > device A then is moved to network 2, it tries to use same LDevID, > receives an error and then recognizes that it needs to perform another > enrollment. > I think that is up to the device manufacturer and relates to a number of factors, such as whether the device is mobile, whether it has a reset button, the nature of the device, privacy considerations, whether there are federated capabilities on the device, etc. > What is that error, and is it recognizeable? Do we need a new error > code to distinguish from "I reject you" from "I reject you but, you > could try enrolling with BRSKI-TEAP" I think that can already be detected in the draft based on the action request frames. Eliot > > > (hoping re-installed laptop works) > > > <pEpkey.asc>_______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu