John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> wrote:
> - That RS shares the AS address with anybody that asks can be a severe
> privacy problem. If RS is a medical device, the AS address can reveal
> sensitive information. If RS is a blood pressure sensor it could
> e.g. be “AS address =
> coaps://as.hopkinsmedicine.org/kimmel_cancer_center/”
> The requirement "the client MUST be able to determine whether an AS has
> the authority to issue access tokens for a certain RS. This can for
> example be done through pre-configured lists, or through an online
> lookup mechanism that in turn also must be secured." indicates that C
> is required to have another mechanism to determine the AS for a
> specific RS and that the unauthorized AS address is completely
> redundant.
This is a hard problem.
Q: "Who are you?"
A: "Depends upon who is asking! Who are you?"
A: "Depends upon who is asking! Who are you?"
...
The DNS-SD WG produced rfc8882, but as I understand it,
https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-privacy-05
was abandonned because the WG did not see implementation/energy.
I can't seem to find the thread discussing that state.
--
Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
