Re: [Emu] Fwd: New Version Notification for draft-lear-brski-pop-00.txt

2018-10-22 Thread Michael Richardson
f being ship-and-forget which might actually be ship-to-holding-company. Holding company leases to end user for period of time. End user identity is never communicated back, and might be very much pseudonymous. I'm thinking about car-rentals, hotel rooms (full of devices), ...

[Emu] ship and forget use cases for onboarding

2018-10-22 Thread Michael Richardson
essentially what happens in Industrial 4.0 802.15.4 deployments today. So I'm saying, let's not invent a problem before we understand who actually has the problem and make sure that the people who can solve the problem are at our table.

Re: [Emu] FW: New Version Notification for draft-ietf-emu-eap-tls13-03.txt

2018-11-14 Thread Michael Richardson
f I were hard-nosed, I would say that's an internal management issue, > and not a standards issue. But I get your point, and there are ways to > address this (see below). It might be a lack of standard way to access logs of EAP server issue.

Re: [Emu] Review of draft-pala-eap-creds-00

2019-02-13 Thread Michael Richardson
EST (RFC7030).

Re: [Emu] Notes on session resumption with TLS-based EAP methods

2019-03-09 Thread Michael Richardson
TTLS. It's not clear that anything in the alan> spec forbids or prevents this. What's in it for the user? Is this an attack? Does it avoid an interaction with a human? Does it enable mobility between different networks? Does this avoid some interaction with a two-factor authenti

Re: [Emu] Notes on session resumption with TLS-based EAP methods

2019-03-10 Thread Michael Richardson
If there is no legit use case for TLS resumption, then it seems that EAP servers SHOULD disable TLS resumption.

[Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

2019-03-29 Thread Michael Richardson
t to think hard. Entities that want 5G to succeed, should think hard about whether litigating this patent is more important than 5G succeeding for roaming. Finally, I want to point to: https://lwn.net/Articles/780078/

Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

2019-03-30 Thread Michael Richardson
tant to 5G, then anything that gets in the way of adoption is a problem. If it's not important enough to fix the IPR, then it's actually that important. - adopting AKA is very important.

Re: [Emu] EAP and Transport Protocol

2019-04-01 Thread Michael Richardson
" and "open1x" on the client side, but > those have been dead for 10 years. >> In particular, the use of the > Early truncation? lack of fragmentation :-)

Re: [Emu] EAP-AKA' and Re: WG adoption call for draft-arkko-eap-aka-pfs

2019-04-03 Thread Michael Richardson
oogle) allows you to even manually turn off 2G. They both allow you > to turn off 4G for battery savings but not 2G for security reasons. Ask > the company that made your phone ;) Sad to know. Thanks for explaining this.

Re: [Emu] RFC 7170 (TEAP) errata

2019-07-23 Thread Michael Richardson
is the right answer. (I don't have a TEAP implementation yet)

Re: [Emu] Re-charter text

2019-08-22 Thread Michael Richardson
roup shall produce the following documents: These read like milestones rather than areas of focus.

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-11 Thread Michael Richardson
ired, people do not expect to scan anything?

Re: [Emu] POST WGLC Comments draft-ietf-emu-eap-tls13

2019-10-11 Thread Michael Richardson
e. So, can wired just be a degenerate version of wifi, where there can be only one "ESSID", and there are no beacons to consider?

[Emu] BRSKI-TEAP vs regular connection (was Re: EAP questions ...)

2019-11-07 Thread Michael Richardson
On 2019-11-07 12:43 p.m., Alan DeKok wrote: >> E.g. we have documented in >> https://tools.ietf.org/html/draft-lear-eap-teap-brski-05#section-5 that: >> >> " A device that has not been bootstrapped at all SHOULD send an >> identity of teap-bootstrap@TBD1. " >> >> If we register that "teap-boo

Re: [Emu] Idea: New X509 Extension for securing EAP-TLS

2019-11-12 Thread Michael Richardson
On 2019-11-12 7:15 a.m., Owen Friel (ofriel) wrote: > This is also related to ongoing anima discussions about RFC 8366, and how it > can bootstrap trust when the pinned domain cert is a public PKI CA, and not a > private CA, and hence additional domain (or realm or FQDN) info is also > needed

Re: [Emu] Idea: New X509 Extension for securing EAP-TLS

2019-11-12 Thread Michael Richardson
On 2019-11-12 3:53 p.m., Jan-Frederik Rieckers wrote: > On 12.11.19 00:15, Owen Friel (ofriel) wrote: >> One deployment consideration is if an operator wants to use a public PKI >> (e.g. Lets Encrypt) for their AAA certs, then it could be years, if ever, >> before these extensions could be supp

Re: [Emu] Idea: New X509 Extension for securing EAP-TLS

2019-11-13 Thread Michael Richardson
On 2019-11-13 4:07 a.m., Alan DeKok wrote: > On Nov 12, 2019, at 11:43 AM, Russ Housley wrote: >> Can the extended key usage for EAP over a LAN ( id-kp-eapOverLAN ) solve >> this for you? It is defined in RFC 4334. A certificate for Web PKI should >> not include this extended key usage. >>

Re: [Emu] Idea: New X509 Extension for securing EAP-TLS

2019-11-13 Thread Michael Richardson
On 2019-11-13 7:40 a.m., Alan DeKok wrote: > On Nov 12, 2019, at 3:13 PM, Cappalli, Tim (Aruba) wrote: >> How does a public CA prove ownership of an SSID? > Do public CAs *always* verify addresses and/or telephone numbers, which are > normally included in certificates? They are? I've rarely

Re: [Emu] Idea: New X509 Extension for securing EAP-TLS

2019-11-14 Thread Michael Richardson
On 2019-11-14 7:59 p.m., Alan DeKok wrote: > On Nov 13, 2019, at 6:23 PM, Michael Richardson wrote: >> I think that the issue isn't, can we find or define a OID that has the >> right semantics. >> I think that the issue whether or not any public CAs are willing

Re: [Emu] EAP/EMU recommendations for client cert validation logic

2019-12-17 Thread Michael Richardson
switch (public) CAs without invalidating the voucher. There might be a (3) that I can't think of right now. But, if these two requirements seem to contradict each other, then high-five to you, you were paying attention :-)

Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

2020-01-08 Thread Michael Richardson
e trusted by default for EAP. How can anyone be using public CAs for EAP, if none are trusted for EAP, and no public CAs issue certificates with id-kp-serverAuth?

Re: [Emu] BRSKI-TEAP vs regular connection (was Re: EAP questions ...)

2020-01-15 Thread Michael Richardson
n the action > request frames. To be clear, it would be doing TEAP (or EAP-TLS) to connect to the network, because it is already enrolled. If there are BRSKI-specific responses defined in TEAP, then I'm surprised.

Re: [Emu] BRSKI-TEAP vs regular connection (was Re: EAP questions ...)

2020-01-16 Thread Michael Richardson
Eliot Lear (elear) wrote: >> On 15 Jan 2020, at 16:10, Michael Richardson wrote: >> >> >> Eliot Lear (elear) wrote: >>>> Owen, do we have a need to recognize that a device needs to perform >>>> onboarding again after a m

Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

2020-01-17 Thread Michael Richardson
, CN = DigiCert Global CA G2 CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalCAG2.crt What's that quote about doctors fixing themselves?

[Emu] Using public CA infrastructure for autonomic bootstrapping over EAP.

2020-01-17 Thread Michael Richardson
to Update RFC7030 /cacerts to say something about creating an expiry/retry time in the certs-only CMC Simple PKI Response. I don't see a date in a RFC5652 Signed-Only certs-only container that could be used to cause pledges to get the /cacerts earlier than the expiry time of t

Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

2020-01-17 Thread Michael Richardson
ving it use the same root store as Web browsers > is the anti-pattern, because the requirements are different. And yet, almost every single thing out there would like to be connected to by a browser. They can't, so we have an app-per-thing, and/or no-security.

[Emu] using public CAs for IDevID and device certificates

2020-01-17 Thread Michael Richardson
Michael Richardson wrote: > 3. End User Client Certificates > A client certificate used to authenticate an end user may be used for > mutual authentication in TLS, ***EAP-TLS***, or messaging. The client > (to be very very very clear: not a consensus document a

Re: [Emu] [lamps] EAP/EMU recommendations for client cert validation logic

2020-01-20 Thread Michael Richardson
were the Wifi Alliance, you'd also have a mindshare/bootstrap problem.

Re: [Emu] [lamps] Using public CA infrastructure for autonomic bootstrapping over EAP.

2020-02-01 Thread Michael Richardson
ll as the anchor, otherwise any EE issued by the public trust anchor could be a valid authenticator.

Re: [Emu] I-D Action: draft-ietf-emu-eaptlscert-02.txt

2020-03-16 Thread Michael Richardson
the location while actually encrypting the ID as a privacy enhancement. I don't think such a thing would be desirable, and TLS 1.3 provides other equivalent privacy enhancements, but I want to suggest you consider a new certificate container which contains a reference. IKEv2 already has

Re: [Emu] TEAP Request-Action TLV

2020-04-30 Thread Michael Richardson
ou to send to me. > Hard code the ordering of requests so everyone knows what to expect.

Re: [Emu] Secdir early review of draft-ietf-emu-eap-noob-01

2020-06-28 Thread Michael Richardson
irst > place? This is a good question, and I can offer no answer for the EAP-NOOB case, and I leave it to the authors to respond to your other comments.

Re: [Emu] [Iot-directorate] Iotdir early review of draft-ietf-emu-eap-noob-01

2020-07-08 Thread Michael Richardson
of all the TCP/IP/Ethernet/WiFi stuff. Those devices do not use EAP today, and they are hard to upgrade. (and from a security point of view, those architectures concern me greatly)

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-21 Thread Michael Richardson
etf-emu-eaptlscert worse. I am sure the authors are aware of > this fact since they are also co-authors of draft-ietf-emu-eaptlscert.

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-22 Thread Michael Richardson
Hannes Tschofenig wrote: > Thanks for the question. I am objecting to the mandatory use of OCSP for TLS 1.3 in EAP-TLS. > I am fine with having it optional. okay, so it's not about the stapling, at all for you, it's about the OCSP itself.

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-22 Thread Michael Richardson

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-26 Thread Michael Richardson
her with TLS 1.3. I do not think the > requirement should be softened, but if it is, my view is that is should > be softened as little as possible.

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-26 Thread Michael Richardson
cumstances. Also, running an OCSP server is something > that will be very new for many enterprises.

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-26 Thread Michael Richardson
l part of the local >> system. > Again, what threat are we protecting against? The self-contained CA might have a passphrase, so there is some accommodation updating the signing key for new algorithms, etc. while the trust anchor which is distributed is appropriat

Re: [Emu] draft-ietf-emu-eap-tls13-11: OCSP Stapling

2020-10-26 Thread Michael Richardson
the validity periods. But, I agree with Eliot: the OCSP responder is new. It seems that maybe SHOULD would be appropriate on OCSP.

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-29 Thread Michael Richardson
alert.“ I don't know much about the last part. I suggest it be split as three paragraphs for readability.

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-30 Thread Michael Richardson
> [Joe] Thanks Michael, I think your suggestion is a better way to phrase it Just so that we are clear: this mandates OCSP+stapling for systems that do revocation checks. Systems that don't do revocation checks (current mbedtls), therefore don't need to do OCSP or stapling.

Re: [Emu] Consensus Call on OCSP usage in draft-ietf-emu-eap-tls13-11

2020-10-30 Thread Michael Richardson
Joseph Salowey wrote: > On Fri, Oct 30, 2020 at 4:44 AM Michael Richardson > wrote: >> >> Joseph Salowey wrote: >> >> I suggest: >> >> >> >> “EAP-TLS servers supporting TLS 1.3 that use OCSP to do certificate

Re: [Emu] Moving towards less security in 2020 - OCSP

2020-11-01 Thread Michael Richardson
o use which has gotten lost. And I think that there is also a significant distinction between a server supporting answering OCSP staples, vs a client being forced to ask for it. If the CA doesn't put any OCSP data into a certificate, then it can't be used. That's a local deci

Re: [Emu] Making Security Practical ... was RE: Moving towards less security in 2020 - OCSP

2020-11-02 Thread Michael Richardson
ake the decision. Eliot, 1) it seems that if the CA hasn't put stapling information in, then it won't be needed. 2) if you still want stapling, then it seems to me that there are lifetimes in the staple which can be adjusted to deal with anticipated service interruptions in co

Re: [Emu] [Ace] [core] Proposed charter for ACE (EAP over CoAP?)

2020-12-07 Thread Michael Richardson
Could someone point to a use case for "EAP over CoAP" please? Is the goal to key an OSCORE context, or what?

Re: [Emu] [Ace] [core] Proposed charter for ACE (EAP over CoAP?)

2020-12-09 Thread Michael Richardson
ld", as if it was an afterthought. Tell me what is your application? What will be impossible if we don't do this work?

Re: [Emu] [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

2021-01-05 Thread Michael Richardson
Alan DeKok wrote: > Therefore, we need an explicit signal to the EAP-TLS layer that the Do you mean, "to the EAP layer"? s/EAP-TLS layer/EAP/ ?? > EAP-TLS method has finished.

Re: [Emu] [TLS] Fwd: Benjamin Kaduk's Discuss on draft-ietf-emu-eap-tls13-13: (with DISCUSS and COMMENT)

2021-01-05 Thread Michael Richardson
above: "to the EAP-TLS layer that the EAP-TLS method has finished" so I still think that there might be a typo :-)

Re: [Emu] Underspecification of EAP-TLS 1.3 State Machine

2021-02-03 Thread Michael Richardson
ta discussion seems to be basically dancing around this. TLS 1.3 is too flexible, and we can't either constrain the TLS 1.3 state machine, nor can we depend upon it anymore the way that one could with 1.2.

Re: [Emu] Consensus call for result indicators in EAP-TLS 1.3

2021-02-06 Thread Michael Richardson
eally more like that we are going from perhaps 5.5 round trips to 6.5 round trips (for example). I posit this, because I think that the increase in round trip count is largely irrelevant on non-challenged (RFC7228 term) networks.

Re: [Emu] Issue 47 Certificate identity checks

2021-04-13 Thread Michael Richardson
the realm name enough to make the imposter cert from the non-authorized CA? I'm just trying to understand how the HTTPS cert is involved here.

Re: [Emu] Question for draft-ietf-emu-tls-eap-types-03

2021-06-28 Thread Michael Richardson
the client certificate is not transmitted in the clear during the handshake. If the supplicant can validate the server certificate, then a Mallory-in-the-Middle (onpath) attack also does not get the identity.

Re: [Emu] Question for draft-ietf-emu-tls-eap-types-03

2021-06-29 Thread Michael Richardson
Alan DeKok wrote: > On Jun 28, 2021, at 8:50 PM, Michael Richardson wrote: >> To date, Enterprises with laptops and PCs have provisioned the IDevID into >> the TPM, themselves, at the same time the device is wiped and the golden >> image is installed. So

Re: [Emu] Provisioning, configuration, etc. and EAP

2022-03-26 Thread Michael Richardson
ow does a device with an existing configuration > update it? When / where / why / how? Why is this step different than configuration? There is a plan to unify/contrast the terminology in section 4 of: draft-irtf-t2trg-secure-bootstrapping/ but that section hasn't h

Re: [Emu] Provisioning, configuration, etc. and EAP

2022-03-26 Thread Michael Richardson
give up on WPA-PSK for the home, because RCM (Madinas) just can't cope with maintaining policies for different devices when the devices all have the same PSK.

Re: [Emu] Provisioning, configuration, etc. and EAP

2022-03-28 Thread Michael Richardson
beacons that the APs have time for as well, but it's not a concern, AFAIK, until you get into the O(10^2) range. > It's 2022... why is it difficult to get onto a friends WiFi network, > securely, and easily? Two out of three?

Re: [Emu] Provisioning, configuration, etc. and EAP

2022-03-28 Thread Michael Richardson
are advantages of having renewals spread across time, but there are also disadvantages as it spreads the failure signal across time as well which makes it harder to see that there is a real problem.

Re: [Emu] Provisioning, configuration, etc. and EAP

2022-03-29 Thread Michael Richardson
Alan DeKok wrote: > On Mar 28, 2022, at 9:00 AM, Michael Richardson > wrote: >> Well, this is not something I'd do as part of onboarding, but rather >> as part of _configuration_, and I agree that it would be better to >> just use IP for

[Emu] EAP onboarding at ANIMA WG

2022-07-11 Thread Michael Richardson
Topic/Title: EAP defaults for devices that need to onboard Name of Presenter(s): Michael Richardson (with Alan DeKok) Length of time requested: 5 minutes (new work) Document If applicable: https://datatracker.ietf.org/doc/draft-richardson-emu-eap-onboarding/ Alan and I have written a -00

Re: [Emu] EAP onboarding at ANIMA WG

2022-07-11 Thread Michael Richardson
to do more. This is not surprising in RFC8995(BRSKI), as it typically creates a provisional TLS connection to the Registrar, which is *later* authorized by an RFC8366 voucher. Can we do this with supplicants? I imagine so, but the write-up in the document could be challenging.

Re: [Emu] Adoption call for EAP-DPP

2022-09-14 Thread Michael Richardson
C8572), it would be good if your Security Considerations addressed some of the same issues that those documents deal with.

Re: [Emu] I-D Action: draft-ietf-emu-bootstrapped-tls-01.txt

2022-10-28 Thread Michael Richardson
not the only one who does not know the meaning of this > phrase, so I suggest the authors reword this so it is clear to everyone > what is meant by that, regardless of knowing the respective saying.

Re: [Emu] Second WG Last Call for EAP-AKA' PFS

2022-12-16 Thread Michael Richardson
The document looks good to me. Thank you for the _7.5. Post-Quantum Considerations_ section. If the authors are using kramdown, they could consider enabling aasvg processing of their ascii art diagrams. For instance: https://www.sandelman.ca/tmp/fig1.svg

Re: [Emu] Second WG Last Call for EAP-AKA' PFS

2022-12-18 Thread Michael Richardson
John Mattsson wrote: > Thanks for the suggestion, Michael. Currently we are unfortunately > using xml. The aasvg version seems nice. I make an issue on GitHub and > see what we can do. You can do it with XML, but it's a manual process. The RPC might be able to do this for you at AUT

Re: [Emu] Adoption call for RFC 7170bis

2022-12-23 Thread Michael Richardson
Eliot wants to do that turn out to be impossible because it would break deployed code (that he cares about) if done in TEAPv1.

Re: [Emu] I-D Action: draft-ietf-emu-rfc7170bis-02.txt

2023-01-05 Thread Michael Richardson
right, due to the "window" including the File/Edit menus...) "Works best in 640x480" is still true :-)

Re: [Emu] New Version Notification for draft-richardson-emu-eap-onboarding-02.txt

2023-02-05 Thread Michael Richardson
internet-dra...@ietf.org wrote: > A new version of I-D, draft-richardson-emu-eap-onboarding-02.txt > has been successfully submitted by Michael Richardson and posted to the > IETF repository. > Name: draft-richardson-emu-eap-onboarding > Revision:

Re: [Emu] [Acme] I-D Action: draft-ietf-acme-integrations-13.txt

2023-02-12 Thread Michael Richardson
EST RFC7030 to > specify how to use RFC9266. EST only references tls-unique. How should > we proceed here? AFAIK, a TLS1.3 exporter just needs a string to be specified somewhere. Where should we specify this?

Re: [Emu] Call for EMU agenda items for IETF 116

2023-02-27 Thread Michael Richardson
g code is much slower than anticipated, but it is occurring. It's not clear to me what else the document can/should say.

Re: [Emu] [IANA #1269174] Early review: draft-richardson-emu-eap-onboarding (IETF 116)

2023-04-02 Thread Michael Richardson
*no* processing changes in any DNS places. It's just a unique name that we need as a REALM)

Re: [Emu] I-D Action: draft-ietf-emu-rfc7170bis-08.txt

2023-07-10 Thread Michael Richardson
Alan DeKok wrote: > * CAs should validate (somehow) any CSR they receive, to check that the > contents are reasonable I guess this is the new section 3.2.8. There are quite a number of subtleties here. First, the CSR is not really that complex :-) more importantly, there are not really a

Re: [Emu] I-D Action: draft-ietf-emu-rfc7170bis-08.txt

2023-07-10 Thread Michael Richardson
greenfield for his simplified >> view. > I'll take a look. It's not written up, having been discussed in detail only last Wednesday. I'll get slides posted to LAMPS in the next week. But, the short of it: Here is a CSR, please fill in the blanks.

Re: [Emu] Housekeeping functionality (Was: Re: I-D Action: draft-ietf-emu-rfc7170bis-09.txt)

2023-08-02 Thread Michael Richardson
hould be EAP Failure. > I'm unsure if this is a substantive change to the document at this > phase. Given that no one has implemented PKCS provisioning yet, it may > be acceptable to make this change. This seems reasonable to me.

Re: [Emu] Housekeeping functionality (Was: Re: I-D Action: draft-ietf-emu-rfc7170bis-09.txt)

2023-08-03 Thread Michael Richardson
> impossible to send CoA to the NAS. Point. > I'll see if I can put some wording around "authorize based on > _provisioned_ credentials, and not _connecting_ credentials" > Alan DeKok.

Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11

2023-08-17 Thread Michael Richardson
's seems like the time for > the WGLC to go forward. Please post your comments to the mailing list > by August 28th. Even a "good to go" is genuinely helpful input. If you have, or plan to implement, the document shepherd would like to know.

Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11

2023-08-17 Thread Michael Richardson
", BCP 106, RFC 4086, DOI 10.17487/RFC4086, June 2005, <https://www.rfc-editor.org/info/rfc4086>. [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, <

[Emu] Is the CSRattributes use in draft-ietf-emu-rfc7170bis a greenfield?

2023-08-17 Thread Michael Richardson
xpect to put out an 07 by next week with some ASN.1 editorial fixes]

Re: [Emu] Is the CSRattributes use in draft-ietf-emu-rfc7170bis a greenfield?

2023-08-17 Thread Michael Richardson
Alan DeKok wrote: Alan> On Aug 17, 2023, at 5:34 PM, Michael Richardson Alan> wrote: >> https://www.ietf.org/archive/id/draft-ietf-lamps-rfc7030-csrattrs-06.html#name-alternative-use-of-csr-temp >> ( https://youtu.be/biGtfqj7zgM?t=1640 ) >> >

Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11

2023-08-17 Thread Michael Richardson
't put certain things together, but can >> we split them out more? What if we care more about loss due to lost >> fragments, vs round-trips? > RADIUS defines retransmission rules. I don't think we need to worry > here about lost fragments. Sure, but the question i

Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11

2023-08-18 Thread Michael Richardson
Heikki Vatiainen wrote: >> On Aug 17, 2023, at 5:02 PM, Michael Richardson >> wrote: >> > section 3.9.: what is "server unauthenticated provisioning" > >> (sounds like TEAP-BRSKI?) >> >> Yes. > Should it be not

Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11

2023-08-19 Thread Michael Richardson
Eliot Lear wrote: >> We don't need or want anonymous ciphersuites here. > We should keep the TLS-POK work in mind. I didn't find an obvious draft about that in the TLS WG.

Re: [Emu] draft-ietf-emu-rfc7170bis-12: minor findings

2023-08-21 Thread Michael Richardson
s removed, and why. That's a good idea. TLV number 11 was the PAC. It is documented in {{RFC7170}}, but is considered deprecated. In the IANA considerations, the other TLVs can be updated to "THIS DOCUMENT", leaving 11 pointing at 7170.

Re: [Emu] I-D Action: draft-ietf-emu-rfc7170bis-13.txt

2023-08-22 Thread Michael Richardson
Alan DeKok wrote: > This draft addresses the final open issues. I've updated the github > repository to verify and close the open issues. I have updated the shepherd write-up. I don't see any issues at that level now. The document is ready for AD review I thi

Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11

2023-08-26 Thread Michael Richardson
Heikki Vatiainen wrote: > Test with Windows 11 and eapol_test - EAP-TLS followed by EAP-MSCHAPv2 Are you saying that Windows 11 also has implemented (accessible via "insider program" only)? Bernard could you confirm?

Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11

2023-08-26 Thread Michael Richardson
Alan DeKok wrote: > On Aug 26, 2023, at 2:13 PM, Michael Richardson > wrote: >> Are you saying that Windows 11 also has implemented (accessible via >> "insider program" only)? > I believe that TEAP is generally available in Windows 1

Re: [Emu] eap.arpa domain in draft-ietf-emu-bootstrapped-tls

2023-09-10 Thread Michael Richardson
be so specific. I don't think the supplicant should know/care, at this point, what kind of access it is going to get. I liked what we had done with eap-onboarding where you get limited network, and then if DHCP says, via the DHCP option (or the RA option) that there is a captive portal, then it

Re: [Emu] eap.arpa domain in draft-ietf-emu-bootstrapped-tls

2023-09-11 Thread Michael Richardson
exactly what I think we are trying to avoid. > In contrast, if there's only one kind of on-boarding access, > authorization has to be done through DHCP which has much more limited > capabilities for that. There are possibly many different ways depending upon where you

Re: [Emu] New I-D: A new EAP method called EAP-FIDO

2023-10-24 Thread Michael Richardson
the initial > FIDO credentials. > In practice, this means WebPKI most of the time. :) Actually, that's a stronger statement anyway. It means that the choice of CA has essentially been pinned, so you'd not be vulnerable to attacks like ComodoGate. -- Michael Richardson

Re: [Emu] New I-D: A new EAP method called EAP-FIDO

2023-10-25 Thread Michael Richardson
ht and only re-surface -- in > the best case a short time before, in the worst case at the time -- things > break and now the admins need to act quickly. And this reaction also involves > the end-users, that need to reconfigure their devices and that's never a good &g

Re: [Emu] New I-D: A new EAP method called EAP-FIDO

2023-11-03 Thread Michael Richardson
t; a great step, because the FIDO Passkey that is already provisioned for > logging into the account in the web can now simply be used for network > access as well. I hope this turns out to be true. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Emu] New I-D: A new EAP method called EAP-FIDO

2023-11-03 Thread Michael Richardson
ind of > dead-in-the-water. I didn't know that WPA3 supported a password identifier (I guess: a "username" concept). That's pretty significant I think. Do you know why "largest mobile company" thinks it is a bad idea? -- Michael Richardson , Sandelman Software

Re: [Emu] New Version Notification for draft-janfred-eap-fido-02.txt

2024-03-03 Thread Michael Richardson
an implementation during the hackathon to have > a better understanding and can identify possible missing spec and the > different error conditions that we need to signal. :-) -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and

Re: [Emu] New Version Notification for draft-janfred-eap-fido-02.txt

2024-03-05 Thread Michael Richardson
l me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ signature.asc Description: PGP signature __

Re: [Emu] New Version Notification for draft-janfred-eap-fido-02.txt

2024-03-05 Thread Michael Richardson
a CBOR Protocol user, you would be justified if you just said, "no packed CBOR" -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature ___

Re: [Emu] Adoption call for eap.arpa

2024-03-10 Thread Michael Richardson
I've read draft-dekok-emu-eap-arpa. I think it is an important step in getting a number of other efforts underway. Please adopt. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP sign

Re: [Emu] Adoption call for eap.arpa

2024-03-13 Thread Michael Richardson
cantly better than either unencrypted wifi (w/portal), or encrypted WPA-PSK wifi. So yes, we always want to run EAP-TLS to generate keys. This document is related to https://datatracker.ietf.org/doc/draft-richardson-emu-eap-onboarding/, (which I'll repost on Saturday), but modularizes the work in

Re: [Emu] Adoption call for eap.arpa

2024-03-21 Thread Michael Richardson
Expert Reviewers that would decide, I guess. It's late in the week to pigeonhole someone, but ... maybe we can find someone. Is a sub-domain the only technical solution? I'm sure we will need to answer that. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [Emu] Adoption call for eap.arpa

2024-03-21 Thread Michael Richardson
d not characterize it this way at all. I suspect we can have what we want, we just need to explain it to the IAB well enough. Unfortunately too late in the week for a hallway conversation. I found some IESG to talk to at the last break, but no IAB. -- Michael Richardson , Sandelman Software Works
