How would the backend servers know which secret key to use for decryption, when they cannot tell which device the packet belongs to?
As an aside, a DevAddr is not unique: How does a network know a received packet is for them?
2 Likes