> On Dec 11, 2018, at 3:23 PM, Michael Richardson <[email protected]> wrote: > > > Panos Kampanakis (pkampana) <[email protected]> wrote: >> I was assuming it was mandatory in the current draft, but I was wrong. As >> you suggest it is not clear in the -17 version. I do think that an unsigned >> voucher should make it to the MASA, like a signed one would, for >> consistency. > > okay, I'm glad that we agree that it should be consistent. > > I'm not convinced it's worth having unsigned pledge requests at all.
Sadly I think we still have to respect folks that are worried about the extra crypto operations on the pledge. Particularly given the size/complexity of a CMS signature. IF we’d gone with a jwt/cwt signature I’d be more open to “just sign everything”. I respect the desire to forward the unsigned request “for consistency” but disagree. My reasoning is that the unsigned request is *not signed* and therefore can NOT provide any value to the MASA. As such including it in the messages is simply additional overhead and opportunity for a MASA to mess up and, for example, use the nonce from it even if the Registrar doesn’t want a nonce (or other weird bugs that would be difficult to notice until they were a pain). - max > > -- > Michael Richardson <[email protected]>, Sandelman Software Works > -= IPv6 IoT consulting =- > > > _______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
