On Thu, Sep 10, 2020 at 02:46:43PM -0400, Michael Richardson wrote: > > John Mattsson <[email protected]> wrote: > > - That RS shares the AS address with anybody that asks can be a severe > > privacy problem. If RS is a medical device, the AS address can reveal > > sensitive information. If RS is a blood pressure sensor it could > > e.g. be “AS address = > > coaps://as.hopkinsmedicine.org/kimmel_cancer_center/” > > > The requirement "the client MUST be able to determine whether an AS has > > the authority to issue access tokens for a certain RS. This can for > > example be done through pre-configured lists, or through an online > > lookup mechanism that in turn also must be secured." indicates that C > > is required to have another mechanism to determine the AS for a > > specific RS and that the unauthorized AS address is completely > > redundant. > > This is a hard problem. > Q: "Who are you?" > A: "Depends upon who is asking! Who are you?" > A: "Depends upon who is asking! Who are you?" > ... > > The DNS-SD WG produced rfc8882, but as I understand it, > https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-privacy-05 > was abandonned because the WG did not see implementation/energy. > I can't seem to find the thread discussing that state.
Interestingly, the corresponding requirements document was just published recently as RFC 8882. "A problem with no solution is a hard problem"... -Ben _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
