Hi Michael,

> Owen, do we have a need to recognize that a device needs to perform
> onboarding again after a movement?
> i.e. device A enrolls on network 1, gets an LDevID usable on network 1,
> uses that with EAP-FOOBAR.
> device A then is moved to network 2, it tries to use same LDevID,
> receives an error and then recognizes that it needs to perform another
> enrollment.

I think that is up to the device manufacturer and relates to a number of 
factors, such as whether the device is mobile, whether it has a reset button, 
the nature of the device, privacy considerations, whether there are federated 
capabilities on the device, etc.

> What is that error, and is it recognizeable?  Do we need a new error
> code to distinguish from "I reject you" from "I reject you but, you
> could try enrolling with BRSKI-TEAP"

I think that can already be detected in the draft based on the action request 

> (hoping re-installed laptop works)
> <pEpkey.asc>_______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu

Emu mailing list

Reply via email to