Eliot Lear <l...@cisco.com> wrote:
>> On 13 Jul 2019, at 17:10, Michael Richardson <mcr+i...@sandelman.ca>
>> wrote:
>>
>> Signed PGP part
>>
>> Eliot Lear <l...@cisco.com> wrote:
>>> I think the simplest way to address the bulk of both Adam’s and
>>> Warren’s concern is to require the device to emit via whatever
>>> management interface exists, upon request, a voucher that it has
>>> signed with its own iDevID. It would have to be nonceless with
>>> perhaps a long expiry, and that would cover a number of other use
>>> cases as well. That way if the manufacturer goes out of business, or
>>> if the owner wants to transfer the device without manufacturer
>>> consent, there is a way forward.
>>
>> 1) would it have a pinned-domain-cert for the new owner, or would it
>> be some kind of wildcard/bearer voucher?
> Again, I think this is a matter for the seller, and also a matter for
> the seller as to when the voucher is generated, so that it doesn’t need
> to lie around. I was also thinking that this would be the sort of
> thing that could be printed out, either in a QR or OCR form, if
> necessary.

But, the pledge has to be programmed to do the validation we describe.

>> 2) what would the management interface be, specifically, how would it
>> be secured?

> The reason I mentioned CIP and Profinet in a previous message is that
> once the device is bootstrapped, if it has a management interface, that
> is what should be used. Adding new services on a device is
> undesirable. This covers the case when the manufacturer becomes
> unavailable. However, it should be viewed as a backstop. See below.

I am completely unfamiliar with those protocols.
I would very much like to define a way to update voucher validation trust
anchors in that.

> Another way to look at this would be for the manufacturer to ping
> the owner periodically to reconfirm ownership. If the owner fails to
> respond, allow another owner to transfer the device. Or… simply ping
> the owner when a transfer request is made. But these require that the
> MASA be present.

This is a good sales channel integration point, and might be a win-win for
many manufacturers and operators. Why pay for support on devices that are no
longer used? Why generate security patches for devices no longer used?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | IoT architect      [
]     m...@sandelman.ca  http://www.sandelman.ca/       | ruby on rails      [
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima