John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote: > - That RS shares the AS address with anybody that asks can be a severe > privacy problem. If RS is a medical device, the AS address can reveal > sensitive information. If RS is a blood pressure sensor it could > e.g. be “AS address = > coaps://as.hopkinsmedicine.org/kimmel_cancer_center/”
> The requirement "the client MUST be able to determine whether an AS has > the authority to issue access tokens for a certain RS. This can for > example be done through pre-configured lists, or through an online > lookup mechanism that in turn also must be secured." indicates that C > is required to have another mechanism to determine the AS for a > specific RS and that the unauthorized AS address is completely > redundant. This is a hard problem. Q: "Who are you?" A: "Depends upon who is asking! Who are you?" A: "Depends upon who is asking! Who are you?" ... The DNS-SD WG produced rfc8882, but as I understand it, https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-privacy-05 was abandonned because the WG did not see implementation/energy. I can't seem to find the thread discussing that state. -- Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace