Re: [Anima-bootstrap] Can the proxy add information during bootstrap?

peter van der Stok <> Thu, 14 April 2016 07:33 UTC

To: Toerless Eckert <>
Organization: vanderstok consultancy
Cc: Michael Richardson <>,
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <>

> Consider the operator in the NOC sits on a console with a GUI saying
> "Device XXX (destined for location X) has connected in location Y".
> Enroll?
> Yes, he could always enrol, but then there is more work afterwards in
> for example quarantining or changing target configs for the device.
Yes, this is possible,
but many questions pop up:
What is the granularity of the location: room, exact coordinate?
and why burden the manufacturer, it seems more an operational 
What about moving these things around?

Why not an installer attribute to the certificate, or an end-user, or
anything else?

Personally I am not too happy about such specifics.
I can imagine that additional customer/installation related attributes 
can be added, but being too specific about their use is IMO one step too