Based upon private emails about interoperation attempts, I opened:
      https://github.com/anima-wg/anima-bootstrap/issues/47

https://tools.ietf.org/html/draft-ietf-anima-bootstrapping-keyinfra-12#section-2.3.1
explains how a serial-number voucher field is derived from the IDevID fields.

It does not say which party does this. The Pledge can do it when it forms
its voucher-request. However, if the pledge does not do so, is it valid to
send a voucher-request without a serial-number field, and assume that the
Registrar will do the same thing to find the serial-number from the IDevID?

The problem with having any entity other than the Pledge do the calculation
is that it's the Pledge that will be comparing the resulting voucher, and as
there are multiple ways to produce the serial-number, and they might not be
identical, a voucher could be issued that the Pledge cannot verify.

If section 2.3.1 should be applied on the pledge, then we should perhaps say
that more clearly in that section.
The VOUCHER YANG says that the field is mandatory.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-


_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima