> On 15 Jan 2020, at 16:10, Michael Richardson <mcr+i...@sandelman.ca> wrote: > > > Eliot Lear (elear) <el...@cisco.com> wrote: >>> Owen, do we have a need to recognize that a device needs to perform >>> onboarding again after a movement? >>> >>> i.e. device A enrolls on network 1, gets an LDevID usable on network >>> 1, uses that with EAP-FOOBAR. >>> >>> device A then is moved to network 2, it tries to use same LDevID, >>> receives an error and then recognizes that it needs to perform another >>> enrollment. > >> I think that is up to the device manufacturer and relates to a number >> of factors, such as whether the device is mobile, whether it has a >> reset button, the nature of the device, privacy considerations, whether >> there are federated capabilities on the device, etc. > > I can see that some of these are important to the device. > The device may have reasons why it would like to enroll again, but I think > the question is more about when the network recognizes that it does not need > to enroll again. > An example would be a device which was originally enrolled with BRSKI-TEAP, > but is then provided with roaming credentials (EDU-ROAM). > > How would it know it was on network 2?
Ah. I misread your note the first time. The example of 2 is precisely eduroam, and this becomes a matter of configuration. We were talking about this at one point, and there is a need to configure a realm as part of all of this. That is something that could be easily be included in TEAP but isn’t there today. It could also be included in DPP in the configuration frame. > >>> What is that error, and is it recognizeable? Do we need a new error >>> code to distinguish from "I reject you" from "I reject you but, you >>> could try enrolling with BRSKI-TEAP" > >> I think that can already be detected in the draft based on the action >> request frames. > > To clear, it would be doing TEAP (or EAP-TLS) to connect to the network, > because it is already enrolled. If there are BRSKI-specific responses > defined in TEAP, then I'm surprised. That is what draft-lear-eap-teap-brski is really about. Eliot > > -- > Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
