Eliot Lear <l...@cisco.com> wrote:
    >> This lets you use nonced vouchers, potentially with expiry dates.
    >> Maybe very long expiry dates.  Or maybe your personnel-safety-critical
    >> equipment has a best-before date, and so it's acceptable for you to
    >> have vouchers only until that date.

    > One approach I would like would be to get the voucher size down to the
    > point where it could reasonably fit into a QR code.  Then it's a scan. 
    > I see that as future work.

Current constrained voucher:

dooku-[projects/pandora/highway](2.4.1) mcr 10028 %ls -l tmp/voucher_00-D0-E5-F2-10-03.vch
-rw-r--r-- 1 mcr mcr 800 Oct  2 23:06 tmp/voucher_00-D0-E5-F2-10-03.vch

Note that this does not include the key that did the signing (the MASA key),
and I think that this pins a certificate rather than a Raw Public Key,
so it could be smaller.  (I have to check what I put in that one)
It's okay not to include the signing key inside, as the pledge already
has it.  The Registrar ("owner's trust controller") would like to have that
key to audit the signature, but that can be done outside of the voucher.

It converts to QR code just fine:
   http://www.sandelman.ca/tmp/qr1.png

Probably needs to have some URI or some such to tell things what is inside.
However, not many devices we care about (whether routers or lightbulbs)
have cameras.  If there is some smartphone interaction, then that's a
different thing, and DPP could work, provided we get the APIs that we need to
make it deployable.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
