Owen Friel (ofriel) <ofr...@cisco.com> wrote:
    > I think it's more accurate to state:

    > “What a CUSTOMER wants to avoid is a pledge joining a network where
    > the MASA just does the logging and does no validation, without any
    > other means to determine that the device is on the correct network.”
    > E.g. I plug in a wi-fi device and it connects to the SSID of the
    > company on the floor below me.

Ah!  This I can comprehend.

    > The MASA cannot help with this unless there is complex sales channel
    > integration and the MASA explicitly knows in advance exactly what
    > network each pledge will be connecting to. A potential option is to
    > also require the registrar to provide some proof of ownership to the
    > MASA in the VoucherRequest.

Max, Kent and I discussed the possibility that there would be a QR code in
the packaging that would act as proof of ownership.  What we concluded was
that this would be a protocol on top of BRSKI.

Instead of trying to integrate that into BRSKI, what the QR code would do is
permit the Registrar to set up *sales channel integration* with the MASA.
This would be a new extension to the BRSKI-MASA channel.

This requires the MASA to cooperate.  If the vendor doesn't support that,
then the answer is that you bought the wrong product :-)

I hope to start a document on this, this summer, as part of work I'm
doing to build a secure home gateway for IoT use.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima