Hi Peter,

Thanks, I think we've reached closure. Please review the diffs to the latest.

https://www.ietf.org/rfcdiff?url2=draft-ietf-anima-voucher-05

Thanks again,
Kent

--

Hi Kent,

>>> Can a discussion section about "manufacturer additions" be
>>> added. Pointing out the consequences for interoperability
>>> when using "Augment" to add manufacturer specifics can be
>>> helpful.
>>
>> I'm confused, which section does this comment regard?
>
> It refers to the document as a whole and especially section 7.
> Usually, manufacturers want manufacturer-specific additions to
> documents.
> They may consider to use Augment for that purpose.
> My suggestion is to discuss ways to add manufacturer additions to the
> voucher and the consequences.
> That may turn out to be a big NO-NO to manufacturer additions.
> I think it would be worthwhile to point that out.
>
> <KENT> Are you asking for the voucher to contain a node
> called something like 'opaque' having YANG type 'anyData'?
> A sanctioned place where the MASA can stash some extra
> stuff not defined by this document? Recall that some of
> the motivation for this work being standardized is to
> enable inspection by intermediates, and while the opaque
> data could be presented to a human, it might be base64
> data. Any concerns about that?

<pvds>
My suggestion is a discussion not a standardization. So, no additions to the voucher in this document. However, pointing out the base64 format would be helpful for those thinking about an addition with opaque.
</pvds>

>
>> page 4, Voucher: add: that "acknowledges ownership of the pledge and"
>> indicates...
>>
>> <KENT> what does "acknowledges ownership of the pledge" mean? how
>> is it different than "indicates to a Pledge the cryptographic identity
>> of the Domain it should trust"?
>
> Now I am confused. I thought it was 2 ways. Pledge trusts domain, and
> domain partners trust pledge.
>
> <KENT> The pledge trusts the MASA (which signs the voucher) and then
> the pledge trusts the domain (whose cert is inside the voucher).
> Perhaps you're conflating signing the voucher with acknowledging
> ownership?

<pvds>
I am afraid, that I made the voucher responsible for all keyinfra protocol objectives. Sorry, for the confusion.
</pvds>
