Eliot> I think the simplest way to address the bulk of both Adam’s and
Eliot> Warren’s concern is to require the device to emit via whatever
Eliot> management interface exists, upon request, a voucher that it has
Eliot> signed with its own iDevID.  It would have to be nonceless with
Eliot> perhaps a long expiry, and that would cover a number of other use
Eliot> cases as well.  That way if the manufacturer goes out of business, or
Eliot> if the owner wants to transfer the device without manufacturer
Eliot> consent, there is a way forward.

Benjamin Kaduk <ka...@mit.edu> wrote:
    > An interesting thought.  Would there be a way (or a need) to usefully
    > audit such voucher issuance?

The vendor would be unable to provide any record of them being issued.
The device could provide an audit log.  Perhaps we could use some kind of
Merkle tree such that every such voucher had a record of all previous ones,
going back to the original MASA issue voucher.

I had originally considered this to be the right way to do resale, but many
others thought it too complex.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
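
The audit idea in the reply above, sketched as an added example (not from the thread or from any BRSKI implementation): a hash chain, the simplest form of the Merkle-style structure mentioned, in which each voucher record commits to the digest of the previous one, back to the original MASA-issued voucher. Field names and values are constructed, and signature checking on the vouchers themselves is left out.

```python
import hashlib
import json

def digest(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding of one voucher record."""
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def issue(log: list, issuer: str, pinned_owner: str, serial: str) -> dict:
    """Append a voucher record that commits to the previous record's digest."""
    record = {
        "issuer": issuer,              # "MASA" for the first record, "device" afterwards
        "serial-number": serial,       # constructed value
        "pinned-owner": pinned_owner,  # constructed label standing in for a pinned cert
        "prior": digest(log[-1]) if log else None,
    }
    log.append(record)
    return record

def verify(log: list, head_digest: str):
    """Walk from the newest record back to the original MASA voucher.

    head_digest is the digest of the voucher the verifier actually holds.
    Returns None if the chain is intact, the list index of the first record
    that fails to match its successor's commitment, or -1 if the chain does
    not end at a MASA-issued record.
    """
    expected = head_digest
    for i in range(len(log) - 1, -1, -1):
        if digest(log[i]) != expected:
            return i                   # altered, dropped or reordered record
        expected = log[i]["prior"]
    if not log or expected is not None or log[0]["issuer"] != "MASA":
        return -1
    return None

def sample_log() -> list:
    """Constructed history: MASA voucher, then two device-issued resale vouchers."""
    log = []
    issue(log, "MASA", "owner-A", "SN-0001")
    issue(log, "device", "owner-B", "SN-0001")
    issue(log, "device", "owner-C", "SN-0001")
    return log

if __name__ == "__main__":
    log = sample_log()
    print(verify(log, digest(log[-1])))
```
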




_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
