William Atwood <[email protected]> wrote: > I have been reading the BRSKI I-D. While the I-D is pretty clear as to > what happens when everything goes as planned, I am finding it very > difficult to understand what will happen when a Pledge contacts a > Registrar for a different domain.
By definition, the pledge hasn't joined a domain yet, so question doesn't
make sense actually. There isn't a "different domain" yet.
> Consider the following scenario:
> Domain A Domain B
> .............................. ...............................
> . --------- . . --------- .
> . | Reg A | . . | Reg B | .
> . --------- . . --------- .
> . . . .
> . . . .
> . ----------- . . ----------- .
> . | Proxy A | . . | Proxy B | .
> . ----------- . . ----------- .
> .............................. ...............................
> ----------
> | Pledge |
> ----------
> A Pledge is at the edge of Domain A (which it should join) and has
> discovered Proxy A. It is also at the edge of Domain B, and has
> discovered Proxy B. It then begins the steps outlined in Figure 2, and
> by chance chooses to contact the Registrar offered by Proxy B.
> While I understand that this attempt to register will fail, it is not
> clear at what point the Pledge will realize that this is the wrong
> Registrar, and move on to the next discovered Proxy. Clearly the Proxy
> does not know; it is only a conduit. Does the Registrar have enough
> information, or is it only after the voucher is issued (or not issued)
> by the MASA that the decision can be made?
It is only after the voucher has been issued that the pledge knows if it can
join a particular domain. In the case of nonce-ful logged proximity (no
sales channel integration), the MASA will assign the pledge to whichever
domain the pledge talks to.
If there is a "correct" domain, and the MASA knows about it, then it will
only issue a voucher that way. An attempt by the "wrong" domain to register
the pledge will result in no voucher.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
