I don't want to wade into this thread much, as I think it's mostly an irrelevant conversation.

The ANIMA WG has a document, draft-ietf-anima-brski-async-enroll-00, where we are trying to adapt an online use of TLS (with RFC7030 + RFC8366) to be an offline mode with CMP rather than EST for enrollment. This is a variation of delay tolerant networking (and we currently lack a deep understanding of what DTNRG has done), where round trips are implemented by an installer walking up/down (basement) stairs. Freshness and proof-of-possession of private key, and proximity are the challenges.

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>   . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide