Dear Tuomas,
First of all, I would like to say that the EAP-NOOB draft is very complete
and understandable. Also, compared with the rest of the solutions I
have found, I think it is a great solution so far, and I like the way it
approaches the problems.
I am working on implementing EAP-NOOB on resource-constrained devices
for our use case. But I have the following 2 questions:
1. Regarding the key derivation section: the use of ECDHE for the key
exchange is explained there. Do you have in mind to accept any
alternatives besides the one explained in the draft? Maybe weaker
methods or stronger but not so constrained.
2. I have a concrete use case. Specifically, I am interested in knowing
how the Reconnect State works.
In the scenario, there are some devices that are going to be installed
and will then be inaccessible, so the OOB step cannot be repeated.
These devices already have the corresponding security associations with
a specific realm. For example, a device from the University of Murcia is
managed by a company called Odins.
Now we assume that Odins stops managing those devices and Ericsson
becomes the new manager with its own AAA infrastructure. To establish
the new realm, I understand that the device should be restarted and the
entire process done. Is there a mechanism to allow migration without
having to repeat the OOB step?
Regards,
Eduardo Inglés.
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu