Secure configuration of a headless networking device

USRE49012E · US · E1

Patent metadata
Publication number: US-RE49012-E
Application number: US-201916443547-A
Country: US
Kind code: E1
Filing date: Jun 17, 2019
Priority date: Mar 1, 2013
Publication date: Apr 5, 2022
Grant date: Apr 5, 2022


Abstract

Official abstract text for this publication.

The secure configuration of a headless networking device is described. A label associated with the headless networking device is scanned and a public key is determined. A configuration process is initiated for the networking device using the public key associated with the networking device that was determined based on the scanned label.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory computer-readable medium comprising instructions which, when executed by one or more hardware processors, cause the one or more hardware processors to: determine a public key associated with a networking device using an external label associated with the networking device; authenticate the networking device based upon a determination as to whether the networking device possesses a private key analog to the public key associated with the networking device; and initiate a configuration process for the networking device after the networking device is authenticated, wherein the configuration process facilitates access by the networking device to a secure network, and wherein the configuration process includes sending a domain parameter to provide configuration information for the configuration process and an address for a domain name server to the networking device.

2. The non-transitory computer-readable medium of claim 1, wherein to authenticate the networking device, the instructions are further to cause the one or more hardware processors to: generate a shared secret using the public key associated with the networking device and send the shared secret to the networking device; encrypt a first information with the shared secret and send the encrypted first information to the networking device; and receive a second information from the networking device that indicates that the networking device possesses the private key analog to the public key associated with the networking device.

3. The non-transitory computer-readable medium of claim 2, wherein to authenticate the networking device, the instructions are further to cause the one or more hardware processors to integrity protect the encrypted first information prior to sending the encrypted first information to the networking device.

4. The non-transitory computer-readable medium of claim 2, wherein the instructions are further to cause the one or more hardware processors to send assurance to the networking device before initiating the configuration process by encrypting a third information with the shared secret and sending the encrypted third information to the networking device.

5. The non-transitory computer-readable medium of claim 2, wherein to authenticate the networking device, the instructions are further to cause the one or more hardware processors to receive an indication from the networking device possessing the shared secret that the networking device possesses the private key analog to the public key associated with the network device.

6. The non-transitory computer-readable medium of claim 2, wherein to generate the shared secret, the instructions are further to cause the one or more hardware processors to perform a static ephemeral Diffie-Hellman key exchange.

7. The non-transitory computer-readable medium of claim 2, wherein to encrypt the first information, the instructions are further to cause the one or more hardware processors to wrap a first nonce in the shared secret.

8. The non-transitory computer-readable medium of claim 7, wherein to receive the second information, the instructions are further to cause the one or more hardware processors to receive two encrypted nonces and wherein to determine that the networking device possesses the shared secret, the instructions are further to cause the one or more hardware processors to determine whether the encryption of the two nonces is valid.

9. The non-transitory computer-readable medium of claim 8, wherein to receive the second information, the instructions are further to cause the one or more hardware processors to receive two nonces encrypted with the shared secret from the networking device, and decrypt and verify the two nonces.

10. An apparatus comprising: one or more hardware processors; a memory on which is stored instructions that are to cause the one or more hardware processors to: determine a public key associated with a networking device using an external label associated with the networking device; authenticate the networking device based upon a determination as to whether the networking device possesses a private key analog to the public key associated with the networking device; and initiate a configuration process for the networking device after the networking device has been authenticated, wherein the configuration process facilitates access by the networking device to a secure network, and wherein the configuration process includes sending a domain parameter to provide configuration information for the configuration process and an address for a domain name server to the networking device.

11. The apparatus of claim 10, wherein to authenticate the networking device, the instructions are further to cause the one or more hardware processors to: generate a shared secret using the public key associated with the networking device and send the shared secret to the networking device; encrypt a first information with the shared secret and send the encrypted first information to the networking device; and receive a second information from the networking device that indicates that the networking device possesses the private key analog to the public key associated with the networking device.

12. The apparatus of claim 11, wherein to authenticate the networking device, the instructions are further to cause the one or more hardware processors to integrity protect the encrypted first information prior to sending the encrypted first information to the networking device.

13. The apparatus of claim 11, wherein the instructions are further to cause the one or more hardware processors to send assurance to the networking device before initiating the configuration process by encrypting a third information with the shared secret and sending the encrypted third information to the networking device, wherein the networking device does not accept configuration unless the networking device can decrypt the third information using the shared secret.

14. The apparatus of claim 11, wherein to authenticate the networking device, the instructions are further to cause the one or more hardware processors to receive an indication from the networking device possessing the shared secret that the networking device possesses the private key analog to the public key determined associated with the networking device.

15. The apparatus of claim 11, wherein to generate the shared secret, the instructions are further to cause the one or more hardware processors to perform a static ephemeral Diffie-Hellman key exchange.

16. The apparatus of claim 11, wherein to encrypt the first information, the instructions are further to cause the one or more hardware processors to wrap a first nonce in the shared secret.

17. The apparatus of claim 16, wherein to receive the second information, the instructions are further to cause the one or more hardware processors to receive two encrypted nonces and wherein to determine that the networking device possesses the shared secret, the instructions are further to cause the one or more hardware processors to determine whether the encryption of the two nonces is valid.

18. The apparatus of claim 17, wherein to receive the second information, the instructions are further to cause the one or more hardware processors to receive two nonces encrypted with the shared secret from the networking device, and decrypt and verify the two nonces.

19. An apparatus comprising: an external key label associated with a public key; an internal secure key storage to store a pri
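The authentication exchange of claims 2 and 6 through 9 (public key read from the chassis label, static-ephemeral Diffie-Hellman, a wrapped nonce as the challenge, two encrypted nonces as the reply) followed by the assurance step of claim 13 and the domain/DNS configuration of claim 1, reconstructed below as an added Python example. This is neither the patent's code nor the assignee's: the label encoding, the finite-field DH group, the HMAC-based encrypt-then-MAC wrapper standing in for a real AEAD, and every message name and context string are assumptions chosen so the flow runs with the standard library alone.

```python
"""Reconstruction of the label-based onboarding flow described in the claims.
Illustrative only: stdlib primitives, constructed label format and message layout."""
import base64
import hashlib
import hmac
import json
import secrets

# Finite-field DH parameters. The 1024-bit MODP prime of RFC 2409 group 2 is
# transcribed here purely for illustration; a deployment would use X25519 or a
# 2048-bit-plus group. (A transcription error would not break the demo, since
# both sides still agree on the same modulus.)
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def dh_keygen():
    """Return (private, public). The device's pair is static; the configurator's is ephemeral."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Shared secret g^(ab); degenerate public values (0, 1, p-1) are rejected."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, P)


def derive_key(shared, context):
    """HKDF-style extract-then-expand with HMAC-SHA256; 32-byte session key."""
    prk = hmac.new(b"headless-onboarding-salt", shared.to_bytes(P_BYTES, "big"), hashlib.sha256).digest()
    return hmac.new(prk, context + b"\x01", hashlib.sha256).digest()


def _keystream(k_enc, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))


def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC stand-in for an AEAD (claim 3's 'integrity protect').
    Output: 16-byte nonce || ciphertext || 32-byte tag over aad||nonce||ciphertext."""
    k_enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k_mac, aad + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob, aad=b""):
    """Constant-time tag check first; returns plaintext, or None if the blob is not valid under key."""
    if len(blob) < 48:
        return None
    k_enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, aad + nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))


def make_label(device_pub):
    """Constructed label format: what a QR code on the chassis might carry (assumption)."""
    return "DEVPUB:" + base64.b64encode(device_pub.to_bytes(P_BYTES, "big")).decode()


def pubkey_from_label(label):
    if not label.startswith("DEVPUB:"):
        raise ValueError("unrecognised label")
    return int.from_bytes(base64.b64decode(label[7:]), "big")


class HeadlessDevice:
    """Static key pair; the private half never leaves the device ('internal secure key storage')."""

    def __init__(self):
        self.priv, self.pub = dh_keygen()
        self.key = self.nonce2 = self.config = None
        self.assured = False

    def label(self):
        return make_label(self.pub)

    def respond(self, configurator_eph_pub, wrapped_nonce):
        """Claims 7-9: unwrap the configurator's nonce, reply with that nonce plus a fresh one."""
        self.key = derive_key(dh_shared(self.priv, configurator_eph_pub), b"onboard")
        nonce1 = unseal(self.key, wrapped_nonce, aad=b"challenge")
        if nonce1 is None:
            return None
        self.nonce2 = secrets.token_bytes(16)
        return seal(self.key, nonce1 + self.nonce2, aad=b"response")

    def receive_assurance(self, blob):
        """Claim 13: configuration is refused unless the assurance decrypts under the shared key."""
        pt = unseal(self.key, blob, aad=b"assurance")
        self.assured = pt is not None and hmac.compare_digest(pt, self.nonce2)
        return self.assured

    def receive_config(self, blob):
        pt = unseal(self.key, blob, aad=b"config") if self.assured else None
        if pt is None:
            return False
        self.config = json.loads(pt)
        return True


class Configurator:
    def onboard(self, device, label, domain, dns):
        """Full flow; returns True only if the device proved possession of the labelled key."""
        device_pub = pubkey_from_label(label)
        eph_priv, eph_pub = dh_keygen()                      # ephemeral side of static-ephemeral DH
        key = derive_key(dh_shared(eph_priv, device_pub), b"onboard")
        nonce1 = secrets.token_bytes(16)
        resp = device.respond(eph_pub, seal(key, nonce1, aad=b"challenge"))
        pt = unseal(key, resp, aad=b"response") if resp else None
        if pt is None or len(pt) != 32 or not hmac.compare_digest(pt[:16], nonce1):
            return False                                     # no private key for that label
        if not device.receive_assurance(seal(key, pt[16:], aad=b"assurance")):
            return False
        cfg = json.dumps({"domain": domain, "dns": dns}).encode()
        return device.receive_config(seal(key, cfg, aad=b"config"))


def demo():
    """Genuine device succeeds; a second device presenting a copied label does not."""
    genuine = HeadlessDevice()
    label = genuine.label()
    ok = Configurator().onboard(genuine, label, "corp.example", "10.0.0.53")
    impostor = HeadlessDevice()                               # different key pair, same label
    bad = Configurator().onboard(impostor, label, "corp.example", "10.0.0.53")
    return ok, genuine.config, bad, impostor.config


if __name__ == "__main__":
    print(demo())
```

What crosses the wire is the configurator's ephemeral public value, not the secret itself (the claim's "send the shared secret" wording); each side derives the same session key, but only a device holding the private key behind the labelled public key can unwrap the challenge, which is why the impostor branch fails before any configuration is sent. Echoing the device's second nonce back inside the assurance message gives the device a freshness check before it accepts the domain and DNS parameters.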

Assignees

Hewlett Packard Entpr Dev Lp

Inventors

Classifications

  • G09C5/00 (primary): Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages · CPC title

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • involving Diffie-Hellman or related key agreement protocols · CPC title

  • Graphical identity · CPC title

  • using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent USRE49012E cover?
The secure configuration of a headless networking device is described. A label associated with the headless networking device is scanned and a public key is determined. A configuration process is initiated for the networking device using the public key associated with the networking device that was determined based on the scanned label.
Who is the assignee on this patent?
Hewlett Packard Entpr Dev Lp
What technology area does this patent fall under?
Primary CPC classification G09C5/00. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 5, 2022 (kind code E1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).