> On 11 Jul 2019, at 23:48, Benjamin Kaduk <ka...@mit.edu> wrote: > > On Thu, Jul 11, 2019 at 11:44:55PM +0200, Eliot Lear wrote: >> One thought: >> >> I think the simplest way to address the bulk of both Adam’s and Warren’s >> concern is to require the device to emit via whatever management interface >> exists, upon request, a voucher that it has signed with its own iDevID. It >> would have to be nonceless with perhaps a long expiry, and that would cover >> a number of other use cases as well. That way if the manufacturer goes out >> of business, or if the owner wants to transfer the device without >> manufacturer consent, there is a way forward. > > An interesting thought. Would there be a way (or a need) to usefully audit > such voucher issuance? >
Now you’re asking tough questions ;-) “Usefully audit” is a bit loaded, but let me posit the following functions: Produce a voucher with an expiry of X pinned to domain Y Show a record of vouchers you’ve produced Add (the hash of) voucher X to a revocation list. Again, I would be hesitant to mandate a particular protocol for this sort of thing, but simply require the functions. In some cases it could be CIP (Common Industrial Protocol) while in others it might be Profinet, and perhaps it could be something we could shove into the TEAP draft (draft-lear-eap-teap-brski), though I am not a big fan of that approach. In other cases, it could be as simple as “Alexa [do one of the above]” ;-) The key point here is that at least the first buyer should be able to enjoy a seamless zero-touch onboarding experience. Eliot
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima
