Deb Cooley <[email protected]> wrote: > Here are my comments on this draft. There is one that has broader > implications (*). I'd like to see this addressed by the working group > (specifically, why is there a need for multiple attestation challenges).
My long-standing comment is that this document is slightly mis-named.
I'm not sure if you asking why this document permits multiple (ACME)
challenges, or why there is more than one document with the name
"Attestation" in the title.
I would have called this document something like:
"Device Hardware Identifiers"
The process described has nothing to do with RFC9334 or DICE or TCG!
To me, this is akin to recording the Vehicle Indentification Number (VIN) as
part of a bill of sale or while applying for insurance. The VIN won't tell
you who *owns* the car [or if it passed a safety/emission test], but it will
tell you if the insurance slip [or emission test results] I show the police
is really for that vehicle, or for my *other* F-150^WVolkswagon Diesel.
> Also, I recognize that I'm posting these during the holidays. I certainly
> don't expect authors to respond until after the new year.
:-)
> *Section 1, last para: I am assuming that the authors believe the rats
> work is substantially far into the future? (Or why would we publish the
> challenge device-attest-01 if the rats work would replace it?). With any
> 'SHOULD' one needs to outline when one might ignore the SHOULD.
It won't replace it, it might complement it.
> Section 7.3: What is the bullet 'Change Controller' meant to accomplish?
It tells IANA who can update this entry.
You might benefit from reading my email at:
https://mailarchive.ietf.org/arch/msg/rats/zu3Mqm-FOm2pAi1GymfDVHey-7s/
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
