On 12/14/16 1:05 AM, Brian E Carpenter wrote:
> Hi,
>
> I support adoption of the draft, since we need it as part of Anima.
>
> A couple of points seem to need attention before we get to WGLC:
>
>> NOTE: AT THIS TIME, THE SIGNING STRATEGY HAS NOT BEEN SELECTED
> I think that needs to be resolved.
>
>> Implementations MUST ensure devices have
>> an accurate clock when shipped from manufacturing facilities, and
>> take steps to prevent clock tampering.
> Doesn't that pose a problem for very low-end devices? That is not
> a concern for devices that are in scope for Anima, but I understand the
> applicability is intended to be general. As such, the MUST seems
> impossible to enforce.
>
> Shouldn't the formulation be like this:
>
> Implementations SHOULD ensure devices have
> an accurate clock when shipped from manufacturing facilities, and
> MUST then take steps to prevent clock tampering.
>
> If it is not possible to ensure clock accuracy and integrity,
> implementations MUST disable the aspects of the solution having clock
> sensitivity.

I think the security considerations section requires some discussion. In particular, a more detailed threat analysis should be given and more specific recommendations given. I can say with some certainty that some devices do not and will not have RTCs. However, this discussion need not take place during a call for adoption.

Eliot
_______________________________________________
Anima mailing list
https://www.ietf.org/mailman/listinfo/anima
