John Mattsson <[email protected]> wrote: > - That RS shares the AS address with anybody that asks can be a severe > privacy problem. If RS is a medical device, the AS address can reveal > sensitive information. If RS is a blood pressure sensor it could > e.g. be “AS address = > coaps://as.hopkinsmedicine.org/kimmel_cancer_center/”
> The requirement "the client MUST be able to determine whether an AS has
> the authority to issue access tokens for a certain RS. This can for
> example be done through pre-configured lists, or through an online
> lookup mechanism that in turn also must be secured." indicates that C
> is required to have another mechanism to determine the AS for a
> specific RS and that the unauthorized AS address is completely
> redundant.
This is a hard problem.
Q: "Who are you?"
A: "Depends upon who is asking! Who are you?"
A: "Depends upon who is asking! Who are you?"
...
The DNS-SD WG produced rfc8882, but as I understand it,
https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-privacy-05
was abandonned because the WG did not see implementation/energy.
I can't seem to find the thread discussing that state.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
