Hi Adam > On 12 Jul 2019, at 00:25, Adam Roach <[email protected]> wrote: > > > The smallest change that would satisfy my concern would be a statement that > says that devices conformant to this specification MUST contain a local means > of bootstrapping that does not rely on any specific server being available. > As with the security requirements we write into our specs, we'll have no > means of enforcement. But as with the security requirements we write into our > specs, we'll give interested parties just that little bit more leverage that > might tip the scales towards the correct behavior.
I think this is easily possible within the paradigm of the document after the device has first been onboarded. At this stage, I would also suggest that the MUST be a SHOULD for another reason: there may be cases where it is in the customer best interest to prevent onboarding of a device just through proof of possession. I am thinking of anti-theft mechanisms. Having a discussion of this and the risks of not having any on-prem method ever seems like a reasonable add. Eliot
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
