Eliot Lear <l...@cisco.com> wrote: > Whether such a voucher would be pinned is something we do not have to > specify, with the risks of it not being pinned being born by the owner.
I beg to differ! I think that the security properties are vastly different. It's why we decided when creating RFC8366 not to do bearer tokens. We simply didn't think we were competent enough to specify it tightly enough to not become a security disaster. An unpinned voucher is some kind of bearer token, and if disclosed has significant operational risk. As such, keeping it around/online is a serious issue. A voucher pinned to the public part of a keypair whose private key is kept offline (to be turned over to a new owner) is different because there are potentially far fewer things to keep private. Worse case, it's perhaps the same, I would agree. The bigger problem is that I don't see a way to define such an artifact in a timely fashion, nor do I know which WG we'd do it in. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima