Based upon the discussion last week about synchronizing the voucher document with the BRSKI MASA protocol, the following clarification was made to the voucher document as part of the WGLC:
- signed using a PKCS#7 structure. The voucher artifact is generated by - the pledge's manufacture or delegate (i.e. the MASA).</t> + signed using a PKCS#7 structure. The voucher artifact is normally generated by + the pledge's manufacture or delegate (i.e. the Manufacturer Authorized Signing + Authority). A voucher artifact could be signed by a non-MASA and be compliant + to the specified artifact format described in this document. The appropriate + use and trust of such vouchers is out-of-scope of this document. + </t> <t>This document only defines the voucher artifact, leaving it to other documents to describe specialized protocols for accessing it.</t> @@ -75,7 +79,8 @@ <t>This document defines a strategy to securely assign a pledge to an owner, using an artifact signed, directly or indirectly, by the pledge's manufacturer - or delegate (i.e. the MASA). This artifact is known as the voucher.</t> + or delegate, i.e. the Manufacturer Authorized Signing + Authority (MASA). This artifact is known as the voucher.</t> <t>The voucher artifact is a JSON document, conforming to a data model described by YANG <xref target="RFC7950"/>, that has been signed using @@ -265,7 +270,7 @@ NOTE: All voucher types include a 'Pledge ID serial number' <section title="Voucher" anchor="voucher"> - <t>The voucher's purpose is to securely assign a pledge to an owner. + <t>The voucher's primary purpose is to securely assign a pledge to an owner. The voucher informs the pledge which entity it should consider to be its owner.</t> -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
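Review bot: in the first hunk, "manufacture" in "the pledge's manufacture or delegate" is a typo carried over from the removed line and should read "manufacturer", as the second hunk already has it. In the same hunk the acronym MASA is used in the next sentence ("signed by a non-MASA") but is never introduced, because the expansion lost its parenthetical; write "Manufacturer Authorized Signing Authority (MASA)" as the second hunk does. "compliant to the specified artifact format" reads better as "compliant with", and since the new text says trust of such vouchers is "out-of-scope of this document", it would help to say explicitly that format compliance alone does not make a voucher acceptable to a pledge, so that conformance is not read as a reason to trust the signer.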
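Review bot: in the second hunk, replacing the parenthetical with a comma ("manufacturer or delegate, i.e. the Manufacturer Authorized Signing Authority (MASA)") makes it ambiguous whether the gloss applies only to "delegate" or to "manufacturer or delegate" as a whole; keeping the parentheses of the removed line, or writing "manufacturer or its delegate (the Manufacturer Authorized Signing Authority, MASA)", removes the ambiguity.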
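Review bot: in the third hunk, changing "purpose" to "primary purpose" implies the voucher has secondary purposes, but the surrounding text in the "Voucher" section only states the one (informing the pledge which entity is its owner); either name the other purposes here or keep the original wording.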
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima