Scorp
Theoretically, I believe, you are correct. Practically, I believe that machine authentication doesn't actually WORK until the enterprise servers etc. are in place and that is required for Phase II. As I'm reading it, and perhaps I phrased it incorrectly, remote authentication of machines (and CAC cards) is required in Phase II.
So I guess your response has helped me clarify the distinction between machine authentication and remote authentication as opposed to regards to identity of individual v. identity of machine locally and remotely..... a four cell grid.