Eliot Lear <l...@cisco.com> wrote:
    > Whether such a voucher would be pinned is something we do not have to
    > specify, with the risks of it not being pinned being borne by the owner.

I beg to differ!
I think that the security properties are vastly different.
It's why we decided when creating RFC8366 not to do bearer tokens.  
We simply didn't think we were competent enough to specify it tightly enough
to not become a security disaster.

An unpinned voucher is some kind of bearer token, and if disclosed has
significant operational risk.  As such, keeping it around/online is a serious
issue.

A voucher pinned to the public part of a keypair whose private key is
kept offline (to be turned over to a new owner) is different because there
are potentially far fewer things to keep private.  Worst case, it's perhaps
the same, I would agree.

The bigger problem is that I don't see a way to define such an artifact in a
timely fashion, nor do I know which WG we'd do it in.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 
        


_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
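
The distinction drawn in the message above, between an unpinned voucher and one pinned to a public key, as an added Ruby example that is not part of the original message or of any BRSKI implementation. The Hash-based voucher, its field names, the nonce challenge and the use of RSA are assumptions made for illustration; this is not the RFC 8366 format, and the manufacturer's signature over the voucher is assumed to have been checked already.

```ruby
require "openssl"
require "securerandom"

# Constructed, simplified voucher (a Hash, not the RFC 8366 format).
# "pinned_key" is the hex DER of the owner's public key, or nil when unpinned.
def make_voucher(serial, owner_pub = nil)
  { "serial" => serial,
    "pinned_key" => owner_pub && owner_pub.to_der.unpack1("H*") }
end

# Prove possession of a private key by signing the device's fresh nonce.
def prove(private_key, nonce)
  private_key.sign(OpenSSL::Digest.new("SHA256"), nonce)
end

# Device-side decision on a presented voucher (hypothetical helper).
def accept_voucher?(voucher, serial, nonce, proof)
  return false unless voucher["serial"] == serial
  pinned = voucher["pinned_key"]
  # Unpinned: holding a copy of the voucher is the only credential checked.
  return true if pinned.nil?
  # Pinned: the presenter must also hold the matching private key.
  return false if proof.nil?
  pub = OpenSSL::PKey::RSA.new([pinned].pack("H*"))
  pub.verify(OpenSSL::Digest.new("SHA256"), proof, nonce)
rescue OpenSSL::PKey::PKeyError
  false
end

def demo
  owner = OpenSSL::PKey::RSA.new(2048)  # private part kept offline by the owner
  other = OpenSSL::PKey::RSA.new(2048)  # party that only obtained a voucher copy
  serial = "SN-0001"                    # constructed serial number
  nonce = SecureRandom.bytes(32)
  unpinned = make_voucher(serial)
  pinned = make_voucher(serial, owner.public_key)
  {
    unpinned_copy: accept_voucher?(unpinned, serial, nonce, nil),
    pinned_copy: accept_voucher?(pinned, serial, nonce, prove(other, nonce)),
    pinned_owner: accept_voucher?(pinned, serial, nonce, prove(owner, nonce)),
    wrong_serial: accept_voucher?(pinned, "SN-0002", nonce, prove(owner, nonce))
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

With the pinned voucher, the only secret that has to be protected is the owner's private key; the voucher itself can be stored or copied without changing who the device will accept.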
