On 11-Jul-19 14:56, Michael Richardson wrote:
>
> Alissa Cooper via Datatracker <[email protected]> wrote:
> > I apologize if I'm misunderstanding how this works, but I didn't see much
> > discussion in the document about the implications of the manufacturer going out
> > of business. Specifically, it seems like if a device ships with BRSKI as its
> > only available mechanism for bootstrapping and the manufacturer goes
>
> Section 7 provides some detail on a number of mechanisms that a manufacturer
> could choose to include that would permit a device to be onboarded with
> reduced levels of trust.
> Section 7.2 specifically mentions onboarding via serial-console.
>
> (This situation is really no different from buying an iPhone 4 and then
> complaining that you can't make it work because Apple won't give you
> software that is secure, and since it's insecure, they won't onboard you,
> except that you get a serial-console)

Alissa, I've been concerned about this aspect since the -00 draft,
especially for the case of air-gap deployments where the MASA is in
any case inaccessible. I think it is indeed covered by section 7, which
also mentions the need for future work. But it seems better to document
the basic mechanism first.
>
> > = Section 1.3.1 =
>
> > "But this solution is not exclusive to large equipment: it is intended
> > to scale to thousands of devices located in hostile environments,
> > such as ISP provided CPE devices which are drop-shipped to the end
> > user."
>
> > I don't quite understand how this squares with the scope limitation described
> > in Section 1 and Section 9. If the whole network is professionally managed by
> > the ISP, what part would be the "hostile environment"?
>
> The thousands of CPE devices (cable modems, VDSL modems, ISP provided home
> routers) can be taken apart by the home owner. If such devices have IDevID
> in a TPM module, then enrollment can be done securely.

The same applies to equipment in street cabinets or shared premises, which
might be physically accessible to bad actors (or untrustworthy employees).

Brian