> If the MASA goes away or is compromised, then all the devices
> from that manufacturer can not be proved to not be counterfeit.

If each Device has a manufacturer-issued Certificate with the private key in 
secure storage like a TPM, then the verification of a Device can happen as long 
as the Operator has a copy of the Manufacturer CA.
This was our original model until someone raised BRSKI.

> That would lead to the conclusion that it is okay for the operator in the
> next suite (or next cabinet in a DC, or adjacent distillation tower in a
> refiner), to use the device in my suite/cabinet/tower.

The Operator decides what Devices go on the networks the Operator controls.
As long as a system is in place to allow the Operator (not the Manufacturer or 
MASA) to block access to a network, then the network is secure.
The one risk which exists is theft, i.e. a thief can't be prevented from using 
a stolen device.
I can see this being a high-priority requirement for mobile phones but not for 
PLCs.

-----Original Message-----
From: Iot-onboarding <iot-onboarding-boun...@ietf.org> On Behalf Of Michael Richardson
Sent: August 7, 2019 2:15 PM
To: iot-onboard...@ietf.org; anima@ietf.org
Subject: Re: [Iot-onboarding] OPC and BRSKI


Randy Armstrong (OPC) <randy.armstr...@opcfoundation.org> wrote:
    > Counterfeit devices are huge issue in industrial automation. We need
    > this infrastructure so the Operators can assure themselves that the
    > Devices they plug into their network are genuine.

So, just to inject some existential angst:
   If the MASA goes away or is compromised, then all the devices
   from that manufacturer can not be proved to not be counterfeit.

Note that the MASA going away is not the same as the Manufacturer going away.

    > OTOH, Operators don’t need to prove their right to use a Device. If an
    > Operator has a Device they are entitled to use it (i.e. Devices can be
    > sold/transferred without approval from the manufacturer).

I'm not sure you really mean to say it this way :-)
  That would lead to the conclusion that it is okay for the operator in the
  next suite (or next cabinet in a DC, or adjacent distillation tower in a
  refiner), to use the device in my suite/cabinet/tower.

The key problem is the verb "has" needs to be made very clear.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-



_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima