Eliot Lear <l...@cisco.com> wrote:
    >> On 13 Jul 2019, at 17:10, Michael Richardson <mcr+i...@sandelman.ca>
    >> wrote:
    >> 
    >> Eliot Lear <l...@cisco.com> wrote:
    >>> I think the simplest way to address the bulk of both Adam’s and
    >>> Warren’s concern is to require the device to emit via whatever
    >>> management interface exists, upon request, a voucher that it has
    >>> signed with its own iDevID.  It would have to be nonceless with
    >>> perhaps a long expiry, and that would cover a number of other use
    >>> cases as well.  That way if the manufacturer goes out of business, or
    >>> if the owner wants to transfer the device without manufacturer
    >>> consent, there is a way forward.
    >> 
    >> 1) would it have a pinned-domain-cert for the new owner, or would it
    >> be some kind of wildcard/bearer voucher?

    > Again, I think this is a matter for the seller, and also a matter for
    > the seller as to when the voucher is generated, so that it doesn’t need
    > to lie around.  I was also thinking that this would be the sort of
    > thing that could be printed out, either in a QR or OCR form, if
    > necessary.

But the pledge has to be programmed to do the validation we describe.

    >> 2) what would the management interface be, specifically, how would it
    >> be secured?

    > The reason I mentioned CIP and Profinet in a previous message is that
    > once the device is bootstrapped, if it has a management interface, that
    > is what should be used.  Adding new services on a device is
    > undesirable. This covers the case when the manufacturer becomes
    > unavailable.  However, it should be viewed as a backstop.  See below.

I am completely unfamiliar with those protocols.
I would very much like to define a way to update voucher validation trust
anchors in that.

    > Another way to look at this would be for the manufacturer to ping
    > the owner periodically to reconfirm ownership.  If the owner fails to
    > respond, allow another owner to transfer the device.  Or… simply ping
    > the owner when a transfer request is made.  But these require that the
    > MASA be present.

This is a good sales channel integration point, and might be a win-win for
many manufacturers and operators.
Why pay for support on devices that are no longer used?
Why generate security patches for devices no longer used?

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
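As an added illustration (not code from this thread or from any BRSKI implementation), the content checks a pledge would run on the self-issued, nonceless voucher discussed above, distinguishing a voucher with a pinned-domain-cert from a bearer one. The voucher values, the allow_bearer policy flag and the function names are constructed assumptions, and the IDevID signature check itself is passed in as a result rather than reproduced.

```python
import json
from datetime import datetime, timezone

# Constructed voucher of the kind the thread describes: nonceless, long
# expiry, meant to be signed by the device's own IDevID, and pinning the new
# owner's domain certificate. All values are made up for the example.
PINNED_VOUCHER = {
    "created-on": "2019-07-13T17:10:00Z",
    "expires-on": "2029-07-13T17:10:00Z",
    "assertion": "logged",
    "serial-number": "PLEDGE-0001",
    "pinned-domain-cert": "BASE64-DER-OF-NEW-OWNER-CERT-PLACEHOLDER",
}
# Same voucher without the pin: whoever holds it can claim the device.
BEARER_VOUCHER = {k: v for k, v in PINNED_VOUCHER.items() if k != "pinned-domain-cert"}

def voucher_json(body):
    """Wrap the body in the RFC 8366 top-level container."""
    return json.dumps({"ietf-voucher:voucher": body})

def parse_time(text):
    """Parse the date-and-time form used in vouchers (UTC 'Z' form only here)."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def voucher_kind(body):
    """'pinned' binds the voucher to one owner; 'bearer' has no such binding."""
    return "pinned" if "pinned-domain-cert" in body else "bearer"

def check_voucher(text, pledge_serial, now, idevid_signature_ok, allow_bearer=False):
    """Return the reasons the pledge must reject the voucher; [] means accept.

    idevid_signature_ok is the outcome of the pledge's own signature check of
    the voucher against its IDevID trust anchor (CMS verification is not
    reproduced here); the remaining checks are the content rules.
    """
    body = json.loads(text).get("ietf-voucher:voucher", {})
    problems = []
    if not idevid_signature_ok:
        problems.append("signature does not verify against the trust anchor")
    if body.get("serial-number") != pledge_serial:
        problems.append("serial-number does not name this pledge")
    if body.get("assertion") not in ("verified", "logged", "proximity"):
        problems.append("unknown assertion")
    if "created-on" in body and parse_time(body["created-on"]) > now:
        problems.append("created-on is in the future")
    if "nonce" not in body:  # nonceless: the expiry is the only freshness bound
        if "expires-on" not in body:
            problems.append("nonceless voucher without expires-on")
        elif parse_time(body["expires-on"]) <= now:
            problems.append("voucher has expired")
    if voucher_kind(body) == "bearer" and not allow_bearer:
        problems.append("bearer voucher not accepted by policy")
    return problems
```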



_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
