Joel Halpern Direct <[email protected]> wrote:
> It allows someone who
> controls their network, and who physically controls a new device, to
> put that new device in their network without asking anyone's
> permission.
Right, get your "blue cable" out, connect it to the serial console, bring up
minicom, and tell the device to enroll. Verify the registrar's certificate
when prompted, perhaps.
You can still use GRASP to find the Registrar, and all the rest of the ACP
mechanism.... or not.
That's been in section 7.2, but the complaint was that it was not normative.
So, we have added in section 9, for the ACP use case, that implementing
something is a MUST. I don't think it will work for lightbulbs, but whoever
writes that Applicability Statement will have to cope with that.
(it will be me: I have a document in 6tisch, which is that document. I would
appreciate your thoughts on what might be acceptable there)
BTW: A number of router manufacturers have BRSKI-like mechanisms already, but
they only really work when you drink all their koolaid, and build your network
exclusively with their equipment. At one ISP that I consult for, they wound
up turning the super-duper auto-join management system off because it ate all
of a very high end VM platform, and they just couldn't afford that at the
time... Maybe cross-vendor mechanisms will result in some competition and
some better products.
> Now it may be that the particular approach I suggested won't work. But
> it seems to me that there needs to be a way for folks to keep using,
> and to keep re-selling, devices without the support of the vendor.
> That usage may not get all the zero-touch advantages that supported
> re-sale would get. But it has to work. And putting the onus for that
> on the original vendor does NOT seem an effective solution.
As long as vendors support blue cables, and are willing to provide firmware
updates, I don't see any change.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
