{as an anchor, I support adopting...}
Brian E Carpenter <[email protected]> wrote:
> A couple of points seem to need attention before we get to WGLC:

>> NOTE: AT THIS TIME, THE SIGNING STRATEGY HAS NOT BEEN SELECTED

> I think that needs to be resolved.

I STRONGLY agree.
I have been suggesting that we should use CWT:
https://datatracker.ietf.org/doc/draft-ietf-ace-cbor-web-token/

Reading this is short and sweet, because really all the crypto is in:
I-D.ietf-cose-msg
and the concepts are from RFC7515.

>> Implementations MUST ensure devices have an accurate clock when
>> shipped from manufacturing facilities, and take steps to prevent clock
>> tampering.

> Doesn't that pose a problem for very low-end devices? That is not a
> concern for devices that are in scope for Anima, but I understand the
> applicability is intended to be general. As such, the MUST seems
> impossible to enforce.

I think that much of this will be dealt with in the audit vs ownership token
discussion which is currently in the bootstrap document, but will get moved
to this document.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
