Re: [Emu] review of draft-ietf-emu-eaptunnel-req-04

Alan DeKok <aland@deployingradius.com> Thu, 04 March 2010 07:57 UTC

Yaron Sheffer wrote:
> Hi Alan,
> 
> Initial provisioning by shipping the device with the trust anchor pre-installed is fine, if you're Verizon. But in many cases you don't control the device, and don't have a trusted path through which to transport the CA cert (I am thinking enterprise CA here, not a public CA).

  Enterprises usually have areas which are physically secure, and that
can be used to bootstrap the system.

  Anonymous provisioning is more useful for ISPs and telcos, who need to
provision users in random places.

  Alan DeKok.