Yaron Sheffer wrote: > Hi Alan, > > Initial provisioning by shipping the device with the trust anchor > pre-installed is fine, if you're Verizon. But in many cases you don't control > the device, and don't have a trusted path through which to transport the CA > cert (I am thinking enterprise CA here, not a public CA).
Enterprises usually have areas which are physically secure, and that can be used to bootstrap the system. Anonymous provisioning is more useful for ISPs and telcos, who need to provision users in random places. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
