Max Pritikin (pritikin) <[email protected]> wrote: > > On Dec 11, 2018, at 3:23 PM, Michael Richardson <[email protected]> > > wrote: > > > > > > Panos Kampanakis (pkampana) <[email protected]> wrote: > >> I was assuming it was mandatory in the current draft, but I was wrong. As > >> you suggest it is not clear in the -17 version. I do think that an unsigned > >> voucher should make it to the MASA, like a signed one would, for > >> consistency. > > > > okay, I'm glad that we agree that it should be consistent. > > > > I'm not convinced it's worth having unsigned pledge requests at all. > > Sadly I think we still have to respect folks that are worried about the > extra crypto operations on the pledge. Particularly given the > size/complexity of a CMS signature. IF we’d gone with a jwt/cwt signature > I’d be more open to “just sign everything”.
Okay, but constrained vouchers signed with COSE? We weren't sure we'd have that when we did the unsigned pledge request. > I respect the desire to forward the unsigned request “for consistency” but > disagree. My reasoning is that the unsigned request is *not signed* and > therefore can NOT provide any value to the MASA. As such including it in > the messages is simply additional overhead and opportunity for a MASA to > mess up and, for example, use the nonce from it even if the Registrar > doesn’t want a nonce (or other weird bugs that would be difficult to notice > until they were a pain). I definitely see your point. -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
