Owen Friel (ofriel) <ofr...@cisco.com> wrote:
> I think it's more accurate to state:
> “What a CUSTOMER wants to avoid is a pledge joining a network where
> the MASA just does the logging and does no validation, without any
> other means to determine that the device is on the correct network.”

> E.g. I plug in a wi-fi device and it connects to the SSID of the
> company on the floor below me.

Ah! This I can comprehend.

> The MASA cannot help with this unless there is complex sales channel
> integration and the MASA explicitly knows in advance exactly what
> network each pledge will be connecting to. A potential option is to
> also require the registrar to provide some proof of ownership to the
> MASA in the VoucherRequest.

Max, Kent and I discussed the possibility that there would be a QR code in the packaging that would act as proof of ownership.

What we concluded was that this would be a protocol on-top-of BRSKI. Instead of trying to integrate that into BRSKI, what the QR code would do is permit the Registrar to set up *sales channel integration* with the MASA. This would be a new extension to the BRSKI-MASA channel.

This requires the MASA to cooperate. If the vendor doesn't support that, then the answer is that you bought the wrong product :-)

I hope to start a document on this this summer as part of work I'm doing to build a secure home gateway for IoT use.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima