Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-13 Thread Michael Richardson
+ the URL to the prepared (and idempotent, therefore cachable) audit + response in the Location: header. Does this fix things for you? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- signature.asc Description: PGP signature

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-12 Thread Michael Richardson
eems a tad generic. Renamed already. Ben, I'm posting the -25, and then moving on back to the responses to my responses, including Adam's concerns. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-12 Thread Michael Richardson
onceless vouchers, then they could issue vouchers for devices which are not yet in service. This attack may be very hard to verify and as it would involve doing firmware updates on every device in warehouses (a potentially ruinously expensive process), a manufacturer might be reluctant t

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-12 Thread Michael Richardson
turer's trust anchor for the first time, and then doc> the trust anchor would be installed to the trusted store. There are doc> risks with this; even if the key to name is validated using something doc> like the WebPKI, there remains the possibility > nit

Re: [Anima] EXTERNAL: Re: [Iot-onboarding] OPC and BRSKI

2019-08-12 Thread Michael Richardson
Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] [Iot-onboarding] EXTERNAL: Re: OPC and BRSKI

2019-08-12 Thread Michael Richardson
step. Subsequent sales just extend the chain. We didn't go this way because: 1) it mandates sales channel integration, and we think that this will be rare at the beginning. 2) any party in the chain can issue a new sale certificate, effectively stealing the device from the current

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-11 Thread Michael Richardson
was once owned by Registrar A (but sold), then there is a hole that would permit Registrar A to ask for history. But this is legitimate, because perhaps it wasn't actually sold, but in fact stolen, and when they can't get the device to respond, the operator could ask if the device

[Anima] Change of authors for draft-ietf-anima-bootstrapping-keyinfra

2019-08-10 Thread Michael Richardson
into a regular contributor. As he was also the document shepherd, we had a conversation with our AD about the appropriateness of this change, and got approval. The WG, of course, may have other opinions, as it is the WG's document, and people should not feel shy this. -- Michael Richardson

Re: [Anima] EXTERNAL: Re: [Iot-onboarding] OPC and BRSKI

2019-08-10 Thread Michael Richardson
LS or extend our own model > with something like BRSKI but not BRSKI? > While I cannot predict how the various participants in the OPC WGs will > respond to question 3), I do know it would make collaboration a lot > easier if the answer to 2) was yes. I think yes

Re: [Anima] EXTERNAL: Re: [Iot-onboarding] OPC and BRSKI

2019-08-10 Thread Michael Richardson
r in August. Awesome. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails[ -- Michael Richardson ,

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-09 Thread Michael Richardson
de by the > certificate must be validated, and that the received certificate and > chain must be retained for later validation. Added: The signatures in the certificate MUST be validated even if a signing key can not (yet) be validated. The certifi

Re: [Anima] What does PKIX refer to: Re: Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-09 Thread Michael Richardson
Michael Richardson wrote: > I'm hoping for some discussion about this comment that I previously > responded to, but it probably got buried. Actually, you did respond on July 20, in an email that I thought to re-read after pushing send. In it you said: mcr> I would n

[Anima] What does PKIX refer to: Re: Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-08-09 Thread Michael Richardson
3 useful. (I try never to use "X509", because the ITU left us with an unusable mess, and I don't think they deserve any credit) -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-09 Thread Michael Richardson
RSKI document has been dealing with in its IESG review. If we can't change the trust anchors used to verify the voucher, then how can the device be onboarded after the MASA has gone away? I don't understand how RFC8572 slipped through the IESG without resolving this. -- Michael Richardson , Sandel

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-08 Thread Michael Richardson
draft-ietf-netconf-trust-anchors) can be used > by a controller/NMS application to configure/set/push trust-anchor > certs used, e.g., to verify a remote server's end-entity certificate. But, more interestingly, it can be used to update the trust anchors, to enable a resale/transfer of ownership! -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-08 Thread Michael Richardson
Device proves it has possession of the Device > private key. > That said, the KeyPair used for communication does not need to be the > same as the KeyPair used to authenticate. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-07 Thread Michael Richardson
I totally see how it gets initial configuration though. I also see how that initial configuration can be caused to do an enrollment, by leveraging some specific, vendor-specific, configuration command. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-07 Thread Michael Richardson
ft-ietf-netconf-keystore is that it would provide for Registrar initiated (PUSH) updating of device certificates, but would not provide a way for a device to initiate (PULL) to a securely identified EST server. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Michael Richardson
a DC, or adjacent distillation tower in a refiner), to use the device in my suite/cabinet/tower. The key problem is the verb "has" needs to be made very clear. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] OPC and BRSKI

2019-08-07 Thread Michael Richardson
to be profiled. RFC8572 uses CMS signed JSON for vouchers, and for some configuration assertions, and while RESTCONF is an option, it's not the only option. I have downloaded the OPC documents, and I'll skim them tomorrow. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consult

Re: [Anima] comments on draft-ietf-anima-grasp-api

2019-08-07 Thread Michael Richardson
Brian E Carpenter wrote: > On 07-Aug-19 05:24, Michael Richardson wrote: >> >> I read draft-ietf-anima-grasp-api from the expired drafts list. > Right, the -03 draft expired while we were in Montreal. Our plan is to > make the next update after the

[Anima] comments on draft-ietf-anima-grasp-api

2019-08-06 Thread Michael Richardson
ent. nits: 2.3.1.3: s/neg/negotiate/ I found the "NEG" term in GRASP confusing, because it seems like NEGative, rather than NEGotiate. I'd prefer it was spelt out in the API. s/dry/dryrun/ -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [Iot-onboarding] Device Certificate Deployment Automation with ACME using BRSKI

2019-08-06 Thread Michael Richardson
Kent Watsen wrote: > Skimming quickly, I see now the direction to go to a cloud registrar to > be redirected to a local registrar. I feel compelled to point out that > this is exactly what SZTP (RFC 8572) does, or at least, supports. > Actually, as a more general statement, it

Re: [Anima] Clarification reg old reference in the BRSKI draft to IEEE 802_1AR-2009

2019-07-30 Thread Michael Richardson
Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] MACsec as an alternative to L3-tunnels

2019-07-29 Thread Michael Richardson
> routing protocol and aliveness parameters of ACP/data-plane. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] [core] SID files and IANA

2019-07-29 Thread Michael Richardson
>> for the mega range that you have mentioned). That being said, I want >> to be sure that the SID draft will not be delayed in case that draft >> is delayed for any reason, so maybe we will need to discuss. Michael Richardson wrote: > I have opened a github issue against th

Re: [Anima] MACsec as an alternative to L3-tunnels

2019-07-26 Thread Michael Richardson
this is where i have not tried to validate), > that MacSec should equally be able to utilize multiple keypairs, > probably mapped by VLAN or ethertype. But the question of course is > whether you want/can expect that MACsec MIC chips have that feature. The people in the line behind

[Anima] MACsec as an alternative to L3-tunnels

2019-07-24 Thread Michael Richardson
h networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] I-D Action: draft-ietf-anima-bootstrapping-keyinfra-24.txt

2019-07-22 Thread Michael Richardson
/rfcdiff?url2=draft-ietf-anima-bootstrapping-keyinfra-24 There are still two significant bits of DISCUSS that I have yet to deal with. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect

Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI

2019-07-21 Thread Michael Richardson
Carsten Bormann wrote: > On Jul 17, 2019, at 19:10, Michael Richardson > wrote: >> >> always base64 the payloads > Which means that the content-type headers lie. Backwards > combyativbility [actual autocorrect result :-)] can be nasty. But

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-18 Thread Michael Richardson
rsonally > prefer a new registry, but I understand that it might be a bit more > work in the document. I prefer Updates: 7030. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-18 Thread Michael Richardson
can also be - used for matching purposes. As noted in that document this is not -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-17 Thread Michael Richardson
s applied. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI

2019-07-17 Thread Michael Richardson
Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

Re: [Anima] Mirja Kühlewind's No Objection on draft-ietf-anima-bootstrapping-keyinfra-22: (with COMMENT)

2019-07-17 Thread Michael Richardson
ssed in the > doc. However, this is a usual safety measure we are building in all > protocols (except there is a good reason to do otherwise), e.g. also > for routing protocols, because you never know for sure what future > deployment scenarios will look like. I have

Re: [Anima] Benjamin Kaduk's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
"ietf-mud-extens...@2018-02-14.yang" > is, but it seems a tad generic. I changed ietf-mud-extension to ietf-mud-brski-masaurl-extension. > Appendix D > [Just checking that Michael wants sandelman.ca embedded in the final > RFC] I don't have a problem with it. There

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
a process that can be outsourced, and that customers will insist that it is escrowed. 25 years ago, when I worked in one of the first firewall companies, dead 20 years now, I regularly provided escrow tapes. It's almost never worth the customers' money to use them, but I'm sure someone has used them. -

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
it has to work. And putting the onus for that > on the original vendor does NOT seem an effective solution. As long as vendors support blue cables, and are willing to provide firmware updates, I don't see any change. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Mich

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
se case is the domain of TR-069. I don't know what DSL providers do, some have service PPPoE username/password that they use. Let other use cases write different requirements for access. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson,

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
specific quality (e.g., idempotence), > say so explicitly. I have removed the two occurrences of "RESTful", and in the place where we use 201-Created w/Location:, I mentioned that it is the idempotency that is probably important. -- ] Never tell me the odds!

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
ferences from IRI to URL, and the components from iauthority to 'authority'. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rai

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
from the point after the voucher is validated. This process SHOULD include server certificate verification using an on-screen fingerprint. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works

Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
that this belongs at the end of 1.0, just prior to 1.1? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-16 Thread Michael Richardson
trust anchor since serial numbers are not globally unique. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Mirja Kühlewind's No Objection on draft-ietf-anima-bootstrapping-keyinfra-22: (with COMMENT)

2019-07-16 Thread Michael Richardson
y of sending MUST be such that the aggregate amount of periodic M_FLOODs from all flooding sources cause only negligible traffic across the ACP. I will copy this text. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works

[Anima] ACP SRV.est example

2019-07-16 Thread Michael Richardson
TCP, 80] ] Figure 3: GRASP SRV.est example -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-14 Thread Michael Richardson
is being sold is because the seller went into bankruptcy. There is no seller Registrar to invoke this API. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-14 Thread Michael Richardson
r had a record of all previous ones, going back to the original MASA issue voucher. I had originally considered this to be the right way to do resale, but many others thought it too complex. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-14 Thread Michael Richardson
define such an artifact in a timely fashion, nor do I know which WG we'd do it in. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/|

Re: [Anima] a note on the rfcdiff for draft-ietf-anima-bootstrapping-keyinfra-22 DISCUSSes

2019-07-13 Thread Michael Richardson
from the various DISCUSSes: https://tinyurl.com/y2qhjwh8 This does not suffer from being very very wide. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

[Anima] a note on the rfcdiff for draft-ietf-anima-bootstrapping-keyinfra-22 DISCUSSes

2019-07-13 Thread Michael Richardson
to scroll. I may post a -23 version with a fix for ONLY the wide JSON, so that a diff against -24 is more understandable. I can't do that until 22nd, but perhaps I'll stage it elsewhere until then. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting

Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-13 Thread Michael Richardson
> I think you want to use lower case "should" here. Agreed. > In 5.7 (and a similar issue elsewhere): >{ "version":"1", "Status":FALSE /* TRUE=Success, FALSE=Fail" > This is not valid JSON, this is not even valid pseudo-JSON. Please move > the comment: Already fixed, please see changes at: https://tinyurl.com/y2ex324x -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Magnus Westerlund's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS)

2019-07-13 Thread Michael Richardson
6 that has been obsoleted by RFC 7230 and > companions. I do note that there are no normative reference for that > part in this document. Fixed to 7230. Yes, that wasn't even a real reference, just a literal [RFC2616]. -- ] Never tell me the odds! | ipv6 mesh networks [ ]

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-12 Thread Michael Richardson
> You almost certainly don't want the service name to contain a leading > underscore. That is added as part of the DNS-SD resolution process, but > not part of the service name itself. fixed. > --- > Appendix B: >> For example, if the first >> Multicast DNS _bootstrapks._tcp.local response doesn't work then the >> second and third responses are tried. > I got a little lost here. Where is the "bootstrapks" service defined? > I don't see it defined in this document or registered at > https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=bootstrapks Toerless, can you help here? I think that we renamed this. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-11 Thread Michael Richardson
was, and we then agreed that there were sometimes reasons to include the the entire URL, but that less is better. We then looked for what the term for the "hostname:port" part was, and found 3986 and 3987. -- ] Never tell me the odds! | ipv6 mesh networks [ ] M

Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-11 Thread Michael Richardson
should solve, and for having not solved the problem that the WG charter said was out-of-scope. I'm curious if anyone has read Vernor Vinge's Rainbows End. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Alissa Cooper's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
represent some kind of change in business plans. Would a PC vendor be interested if some Enterprise customer suddenly bought only tablets? The BRSKI-MASA connection does not reveal what is bought, but it does reveal who is doing business with whom, and it may also reveal volume. This is just tra

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
rg/doc/review-ietf-anima-bootstrapping-keyinfra-20-secdir-lc-huitema-2019-06-04/), > please respond to the last two issues – random number generation and the > missing assertion leaf. I had not seen this second review, thank you. I will read this on Thursday and post additional

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
. I suspect that the first draft will mostly be a list of things not to do. ("Doctor, it hurts when I move my arm like this...") -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
ong thread from concerned operators, this move towards a secure-onboarding-by-default scares people who are used to improvising things in an emergency. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
arer without over-engineering this, remembering that this is a PS, not IS, and the proof will be in the running-code. Would you prefer to use CDDL or something like that to describe it? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Roman Danyliw's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
Additional standard JSON fields in this POST MAY be added, see - . + . A server that + sees unknown fields should log them, but otherwise ignore them. -- Michael Richardson , Sandelman Software Works -= IPv
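The two telemetry points raised in this thread (the `{ "version":"1", "Status":FALSE /* ... */ }` text that is not valid JSON, and the proposal that a server log unknown fields but otherwise ignore them) are easy to get subtly wrong in a registrar. The following is an added example, not code from the draft or from any of the posters; it assumes lowercase field names `version`, `status`, `reason` and `reason-context` for the voucher-status POST, which is an assumption of this example rather than text from the page.

```python
import json
import logging

log = logging.getLogger("brski.registrar.telemetry")

# Field names of the pledge's voucher-status telemetry. These are an
# assumption made for this example (lowercase "status"; the excerpt on the
# page shows "Status"); adjust to the schema you actually implement.
KNOWN_FIELDS = {"version", "status", "reason", "reason-context"}


class TelemetryError(ValueError):
    """Raised when the POST body is not an acceptable telemetry document."""


def parse_voucher_status(body: bytes):
    """Validate a voucher-status POST body from a pledge.

    Returns (status, reason, unknown_fields). Unknown top-level fields are
    logged and otherwise ignored, as the message above proposes; a body that
    is not JSON (for example one carrying a /* ... */ comment) is rejected.
    """
    try:
        doc = json.loads(body)
    except (json.JSONDecodeError, UnicodeDecodeError) as exc:
        raise TelemetryError(f"body is not valid JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise TelemetryError("telemetry must be a JSON object")

    if str(doc.get("version")) != "1":
        raise TelemetryError(f"unsupported telemetry version {doc.get('version')!r}")

    status = doc.get("status")
    if not isinstance(status, bool):
        # JSON true/false, not the strings "TRUE"/"FALSE" or a number
        raise TelemetryError("status must be a JSON boolean")

    reason = doc.get("reason")
    if reason is not None and not isinstance(reason, str):
        raise TelemetryError("reason must be a string when present")
    if "reason-context" in doc and not isinstance(doc["reason-context"], dict):
        raise TelemetryError("reason-context must be a JSON object when present")

    unknown = sorted(set(doc) - KNOWN_FIELDS)
    for name in unknown:
        log.warning("ignoring unknown telemetry field %r", name)
    return status, reason, unknown


# Constructed sample bodies (not taken from the page).
GOOD_FAILURE = b'{"version": "1", "status": false, "reason": "voucher rejected", "vendor-hint": 42}'
PSEUDO_JSON = b'{ "version":"1", "Status":FALSE /* TRUE=Success, FALSE=Fail */ }'
WRONG_TYPE = b'{"version": "1", "status": "FALSE"}'


def demo() -> dict:
    """Run the three constructed bodies through the parser; returns a summary dict."""
    results = {"good": parse_voucher_status(GOOD_FAILURE)}
    for name, body in (("pseudo_json", PSEUDO_JSON), ("wrong_type", WRONG_TYPE)):
        try:
            parse_voucher_status(body)
            results[name] = "accepted"
        except TelemetryError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of rejecting `"status": "FALSE"` rather than coercing it is that a string is truthy in most languages, so a lenient parser would record a failed enrollment as a success in the MASA audit trail.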

Re: [Anima] Éric Vyncke's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

2019-07-10 Thread Michael Richardson
o so." > lower case for pledge and what is the purpose of the comma in this > sentence? we had a mania at some point that argued that Pledge was a proper noun. We recovered from it. I think that comma belongs; maybe it SHOULD be a semi-colon. I'm happy to let the copy-editor argue

[Anima] appendix C changes for draft-ietf-anima-constrained-voucher-04.txt

2019-07-04 Thread Michael Richardson
fix before monday and repost. I don't expect to make any other substantive changes other than a few grammar typos I noticed. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] FW: New Version Notification for draft-friel-acme-integrations-01.txt

2019-07-03 Thread Michael Richardson
e with Rifaat how we could > potentially integrate both approaches. I'll read this. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] New Version Notification for draft-richardson-lamps-rfc7030est-clarify-02.txt

2019-06-18 Thread Michael Richardson
internet-dra...@ietf.org wrote: > A new version of I-D, draft-richardson-lamps-rfc7030est-clarify-02.txt > has been successfully submitted by Michael Richardson and posted to the > IETF repository. > Diff: > https://www.ietf.org/rfcdiff?url2=draft-richardson-l

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-17 Thread Michael Richardson
ed to included. I have not made an informative reference to ietf-lamps-rfc7030est-clarify yet. I will stop now for a while, to wait for consensus to catch up :-) I think that this change needs a WG Consensus Call, and some discussion with area director. -- Michael Richardson , Sandelman Software Work

Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI

2019-06-17 Thread Michael Richardson
and payload response of all endpoints in to be [RFC4648] section 4 Base64 encoded DER. This format is to be used regardless of whether there is any Content-Transfer-Encoding header, and any value in that header is to be ignored. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-17 Thread Michael Richardson
at we can't patch RFC7030. We can drop the Content-Transfer-Encoding headers (and it seems that many have done that anyway), but we are stuck with a base64 encoded payload for the four end-points that 7030 describes. We could create new end-points that are not base64 encoded, but that does not seem

Re: [Anima] addressing Content-Type-Encoding errata on EST / RFC7030 --- relationship to BRSKI

2019-06-17 Thread Michael Richardson
figured to ignore or fail requests of this form, either via run-time configuration, or via a compile-time option. A main reason to do this is to avoid a permutation that requires testing in the future when no legacy EST clients are expected to connect. -- Michael Richardson , Sand
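The three messages above describe the practical rule an EST/BRSKI implementer ends up with: the body of every RFC 7030 endpoint is RFC 4648 section 4 base64 of DER, any Content-Transfer-Encoding header is ignored, and whether a peer that still sends raw DER is tolerated or refused is a run-time or compile-time choice. The following is an added example written for this page, not code from the draft or from any EST implementation; the DER payload it uses is a constructed five-byte stand-in and the `accept_raw_der` switch is the knob described in the message, named here for illustration.

```python
import base64
import binascii
import logging

log = logging.getLogger("est.transport")


def looks_like_der(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) with a consistent length.

    Every RFC 7030 payload (PKCS#7 certs-only, PKCS#10 CSR, CSR attributes)
    is a SEQUENCE at the top level, so this is a cheap sanity check.
    """
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                                  # short form length
        return len(data) == 2 + first
    n = first & 0x7F                                  # long form: n length bytes
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    length = int.from_bytes(data[2:2 + n], "big")
    return len(data) == 2 + n + length


def decode_est_body(body: bytes, headers: dict, accept_raw_der: bool = True) -> bytes:
    """Return the DER object carried in an EST (RFC 7030) message body.

    The body is expected to be RFC 4648 section 4 base64 of DER, whatever the
    Content-Transfer-Encoding header says: the header is logged and ignored.
    accept_raw_der is the run-time knob the message above describes; when
    True a legacy peer that sent un-encoded DER is still accepted.
    """
    cte = next((v for k, v in headers.items()
                if k.lower() == "content-transfer-encoding"), None)
    if cte is not None and cte.strip().lower() != "base64":
        log.warning("ignoring Content-Transfer-Encoding: %s", cte)

    compact = b"".join(body.split())                  # tolerate PEM-style line breaks
    compact += b"=" * (-len(compact) % 4)             # tolerate stripped padding
    try:
        der = base64.b64decode(compact, validate=True)
    except binascii.Error:
        der = None
    if der is not None and looks_like_der(der):
        return der

    if accept_raw_der and looks_like_der(body):
        log.warning("accepting legacy raw DER body from peer")
        return body
    raise ValueError("EST body is neither base64 DER nor tolerated raw DER")


def encode_est_body(der: bytes) -> bytes:
    """On-the-wire form for a conforming sender: base64 DER, CRLF-wrapped at 64."""
    text = base64.b64encode(der)
    return b"\r\n".join(text[i:i + 64] for i in range(0, len(text), 64)) + b"\r\n"


# Constructed stand-in for a DER payload: SEQUENCE { INTEGER 5 }. A real
# /cacerts body would be a CMS SignedData SEQUENCE of a few kilobytes.
SAMPLE_DER = b"\x30\x03\x02\x01\x05"


def demo() -> dict:
    """Exercise the encoder/decoder on the constructed payload; returns outcomes."""
    out = {}
    out["base64_roundtrip"] = decode_est_body(
        encode_est_body(SAMPLE_DER), {"Content-Transfer-Encoding": "base64"}) == SAMPLE_DER
    out["misleading_header"] = decode_est_body(
        b"MAMCAQU=", {"Content-Transfer-Encoding": "binary"}) == SAMPLE_DER
    out["raw_der_tolerated"] = decode_est_body(SAMPLE_DER, {}) == SAMPLE_DER
    try:
        decode_est_body(SAMPLE_DER, {}, accept_raw_der=False)
        out["raw_der_strict"] = "accepted"
    except ValueError:
        out["raw_der_strict"] = "rejected"
    return out


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Decoding is tried first and the raw-DER fallback is only taken when the base64 attempt fails the structure check, so a body that is valid base64 can never be mistaken for raw DER; the strict mode exists so that a deployment with no legacy clients does not carry an untested code path.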

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-17 Thread Michael Richardson
t is sitting in state "reported" since 2017. I'd like to get this unstuck. I think that LAMPS is the place to do this, but I could be wrong. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| networ

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-17 Thread Michael Richardson
7030 end-points. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] I-D Action: draft-ietf-anima-bootstrapping-keyinfra-21.txt

2019-06-13 Thread Michael Richardson
the job that I desired, with some excess BEGIN CMS lines, and some lines not wrapped at all. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Content-Transfer-Encoding and HTTP 1.x in ANIMA BRSKI

2019-06-12 Thread Michael Richardson
ing a multipart *reply* in HTTP for draft-ietf-anima-constrained-voucher, and I really found it hard to determine what the MIME rules for *HTTP* were... -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Last Call: (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard

2019-06-10 Thread Michael Richardson
Brian E Carpenter wrote: >> Eric Rescorla wrote: >> >> You're right that in theory subdomains are unrealistic examples, but does >> >> that >> >> matter for an illustrative example? >> >> > Why not instead use two domain names that end in .example? E.g., >> >

Re: [Anima] Last Call: (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard

2019-06-10 Thread Michael Richardson
Eric Rescorla wrote: >> You're right that in theory subdomains are unrealistic examples, but does >> that >> matter for an illustrative example? > Why not instead use two domain names that end in .example? E.g., > demo.example and dem0.example w

Re: [Anima] Last Call: (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard

2019-06-10 Thread Michael Richardson
it's not an example domain. Brian suggested the example null vs nu11. This is not about super-cookies, etc. and it doesn't suggest any kind of process involving the list of publicsuffixes. I've opened issue: https://github.com/anima-wg/anima-bootstrap/issues/131 -- Michael Richardson , Sandelman S

Re: [Anima] teap-brski

2019-06-04 Thread Michael Richardson
would find this acceptable, but perhaps some would not. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails

Re: [Anima] Last Call: (Bootstrapping Remote Secure Key Infrastructures (BRSKI)) to Proposed Standard

2019-06-03 Thread Michael Richardson
Fries, Steffen wrote: > Yes, definitely. This would help. Thanks. https://github.com/anima-wg/anima-bootstrap/blob/master/component-diagram.txt edited, will be in -21. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Pinning of raw public keys in Constrained Vouchers

2019-06-02 Thread Michael Richardson
On 2019-05-26 11:54 p.m., Jim Schaad wrote: Couldn't we send a hash of identity in (2) and (3), and to do this we need a new element in the constrained voucher. This I've given the mouthful name of: proximity-registrar-sha256-of-subject-public-key-info and:

[Anima] early allocation for id-ct-animaCBORVoucher

2019-05-27 Thread Michael Richardson
op testing that is already ongoing. Can this go to an early allocation? Thank you. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =- signature.asc Description: PGP signature ___ Anima mailing list Anima@ietf.org https://www.ietf.o

Re: [Anima] Pinning of raw public keys in Constrained Vouchers

2019-05-27 Thread Michael Richardson
te the strength required here. It's a CBOR value, so it has a length, and I suppose we could define a way to truncate the value in a standard direction, and then decide later. I think that a non-truncated hash ought to be as strong as sending the key itself, and having two cod

[Anima] Pinning of raw public keys in Constrained Vouchers

2019-05-26 Thread Michael Richardson
PKI encoding, but I suppose an attacker might find a way to prepad with nonsense DER. Please help me decide if this is a useful thing to do. If it's useful, is it useful enough to drop the pinned-domain-subject-key-info? -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consult

[Anima] constrained voucher examples updated --- voucher looks wrong

2019-05-26 Thread Michael Richardson
ng of the registrar's DER encoded certificate, rather than the DER encoding itself. This is clearly wrong, but I do it consistently and tolerantly so I don't notice. I will be fixing this. However, the signature on the resulting object should be correct, even if the contents are semantically wrong

[Anima] implementer question about BRSKI telemetry return(s)

2019-05-17 Thread Michael Richardson
to the MASA that the voucher was accepted by asking for the audit log. That's fine in a success situation, but not as useful in a fail situation. I feel that we are missing something here. -- Michael Richardson, Sandelman Software Works -= IPv6 IoT consulting =-

[Anima] ready for second WGLC draft-ietf-anima-bootstrapping-keyinfra-20.txt

2019-05-13 Thread Michael Richardson
UTH48) better formatting for these. The document is ready for a second WGLC. -- Michael Richardson, Sandelman Software Works -= IPv6 IoT consulting =-

[Anima] evaluation of pinned-domain-cert equality in BRSKI

2019-04-25 Thread Michael Richardson
, but I think they are probably acceptable given that vouchers can be re-issued easily. -- Michael Richardson, Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] ANIMA: re-charter last call (until 4/19/2019)

2019-04-07 Thread Michael Richardson

Re: [Anima] ANIMA: re-charter last call (until 4/19/2019)

2019-04-05 Thread Michael Richardson
Other than that, I'm very happy with the charter. I put those edits into the wiki, and I also fixed a few spelling mistakes. -- Michael Richardson, Sandelman Software Works -= IPv6 IoT consulting =-

[Anima] BRSKI -- examples of IDevID with HardwareModuleName

2019-04-03 Thread Michael Richardson
eed to be converted into a serial-number of "type string". The following methods are used depending on the first available IDevID certificate field (attempted in this order): -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consultin

Re: [Anima] I-D Action: draft-ietf-anima-constrained-voucher-03.txt

2019-03-25 Thread Michael Richardson
er Artifacts for Bootstrapping > Protocols Authors : Michael Richardson Peter van der Stok Panos > Kampanakis Filename : draft-ietf-anima-constrained-voucher-03.txt Pages I have slightly rushed to post this -03. The examples are not updated as much as I'd like, and I have three more issues

Re: [Anima] Latest draft charter text of ANIMA

2019-03-18 Thread Michael Richardson
down) ANIMA rather than recharter it. I recognize that such an action might have negative consequences to how various people are able to participate. -- Michael Richardson, Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Primary ANIMA Agenda for IETF104

2019-03-18 Thread Michael Richardson
co-chairs Perhaps we could subdivide this item into three sub-items so that we can be sure to get through it? Could Toerless post his slides sooner? Is the intent for it to be mostly mic line? -- Michael Richardson, Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Potential Milestones for ANIMA new charter

2019-03-16 Thread Michael Richardson
will need some additional real-world experience. -- Michael Richardson, Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] Call for agenda ANIMA @ IETF 104, Prague

2019-03-12 Thread Michael Richardson
; different component than a local domain registrar. In that aspect it > has a different scope than draft-richardson-anima-smarkaklink. I think this discussion should be interesting! -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael

Re: [Anima] Call for agenda ANIMA @ IETF 104, Prague

2019-03-11 Thread Michael Richardson
ver-discovery --> some details are still TBD. -- Michael Richardson, Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Anima] $transport-proto in BRSKI

2019-03-08 Thread Michael Richardson
e $transport-proto above indicates the method... > Otherwise, fwiw I'm happy with bootstrapping-keyinfra-19. I noticed that extra $ when reading the diff, and removed it. I will put them all back: I found another location where it belongs. -- Michael Richardson, Sandelman Software Wor

Re: [Anima] I-D Action: draft-ietf-anima-bootstrapping-keyinfra-19.txt

2019-03-07 Thread Michael Richardson
echnology like: https://en.wikipedia.org/wiki/Physical_unclonable_function but ultimately, that's just another way to do TPM, so skirts the question. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consultin

[Anima] $transport-proto in BRSKI

2019-03-01 Thread Michael Richardson
know why we have a $ on transport-proto. Maybe it's a typo. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails

Re: [Anima] Fwd: I-D Action: draft-carpenter-anima-l2acp-scenarios-00.txt

2019-02-27 Thread Michael Richardson
replacing IPsec with MACsec or another encrypted L2VPN protocol which is already in silicon, right? > As for emulating classic Ethernet, yes, that is how the world works > today in many places. Yes. -- ] Never tell me the odds! | ipv6 mesh networks [
