Jan-Frederik Rieckers <rieck...@dfn.de> wrote:
> Firstly: deleting the EAP-specific configuration (as in: "Dear client,
> I don't know you, please stop asking"). This can be as simple as
> sending a simple message, but has the problem that faulty
> configurations in the beginning can't be debugged, because the moment
> the client connects it gets the delete request and deletes the profile.

:-)

> But actually I don't know if **provisioning** the credentials in-band
> is such a good idea. Because, in order to provision the credentials,
> the user needs to prove that they are authorized, and how would they do
> that?

Is the user provisioning a new device, or is the network provisioning a new user?

> I admit that with the current idea of the protocol flow the
> OOB-registration adds a small layer of complexity for the
> administrators, but I gather that it will be much more easy for the
> users. And the additional workload for the provisioning is well
> invested

Agreed.

> With the current movement the FIDO alliance is pushing this is actually
> a great step, because the FIDO Passkey that is already provisioned for
> logging into the account in the web can now simply be used for network
> access as well.

I hope this turns out to be true.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =- *I*LIKE*TRAINS*
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu