>> It's true that EST isn't used, but there is a mutually-authenticated
>> TLS connection to the SZTP bootstrap server, which is effectively the
>> same as BRSKI's Registrar.
> 
> It's not clear to me that this always occurs in the USB or DHCP cases :-)

To your smiley-face, the ultimate USB use-case entails using no network at all, 
so you're right that there is no mutually-authenticated TLS connection then!

For all other cases, it's actually possible that the bootstrapping event may 
lead to a mutually-authenticated TLS connection.  It entails the device 
consuming "signed data", which means it also needs an "ownership voucher" as 
well as an "owner certificate".  [note: terms in "quotes" are defined in RFC 8572]

>> Sounds correct, but clarifying:
> 
>> 1) the current keystore model is all about enabling a controller/NMS
>> application to configure/set/push keys and associated end-entity
>> certificates to a device.
> 
>> 2) there is a suggestion that the keystore model could/should be
>> extended to support ACME (or similar), in which case one might claim
>> that the device had "pulled" an end-entity certificate from a "securely
>> identified server" (dropping the "EST" part).
> 
>> 3) the truststore model (draft-ietf-netconf-trust-anchors) can be used
>> by a controller/NMS application to configure/set/push trust-anchor
>> certs used, e.g., to verify a remote server's end-entity certificate.
> 
> But, more interestingly, it can be used to update the trust anchors, to
> enable a resale/transfer of ownership!

I think I see a smiley-face here too  ;)

But, seriously, no.  It's expected that decommissioning will return a device 
back to its factory default state.  No manufacturer will agree that it is 
anything other than the state of the device when it was manufactured.   
Anything other than that could be leveraged to mount an attack.  Change in 
ownership-assignment needs to occur through some other means, of which there 
are many but, in the end, if the 2nd-owner cares about the security (not just 
the convenience) of bootstrapping, then they are strongly advised to purchase 
never-before-used equipment.


Kent
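The "signed data" step Kent describes above, as an added worked example that is neither RFC 8572 text nor anything from the thread: a device holding a manufacturer trust anchor checks the ownership voucher, confirms the voucher names its own serial number, takes the pinned owner key out of the voucher, and only then accepts the owner-signed conveyed information (here a redirect to a bootstrap server). Assumptions of this toy: a Lamport one-time hash signature stands in for the CMS signatures the RFC uses, the "pinned-domain-cert" field carries a raw public key instead of an X.509 certificate, the JSON field names are a simplified subset of RFC 8366/8572, and the serial numbers and server address are constructed. The example stops once the signed data is accepted; the later mutually-authenticated TLS exchange with the bootstrap server is not modelled.

```python
"""Toy model of the RFC 8572 "signed data" check a device performs before it
trusts redirect information: ownership voucher -> pinned owner key -> conveyed
information. Added illustration only; not RFC text and not Kent's code."""
import copy
import hashlib
import json
import secrets

# --- Lamport one-time hash signatures: a stdlib-only stand-in for the CMS
# signatures RFC 8572 actually uses. Each key pair signs at most one distinct
# message; the demo below respects that. ---
def lamport_keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk

def _bit(digest: bytes, i: int) -> int:
    return (int.from_bytes(digest, "big") >> (255 - i)) & 1

def lamport_sign(sk, message: bytes):
    d = hashlib.sha256(message).digest()
    return [sk[i][_bit(d, i)] for i in range(256)]

def lamport_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    d = hashlib.sha256(message).digest()
    return all(hashlib.sha256(sig[i]).digest() == pk[i][_bit(d, i)] for i in range(256))

# Hex encodings so keys and signatures can travel inside JSON documents.
def hex_pk(pk): return [[a.hex(), b.hex()] for a, b in pk]
def unhex_pk(h): return [[bytes.fromhex(a), bytes.fromhex(b)] for a, b in h]
def hex_sig(sig): return [s.hex() for s in sig]
def unhex_sig(h): return [bytes.fromhex(s) for s in h]

def canon(obj) -> bytes:
    """Canonical JSON bytes, so signer and verifier hash the same encoding."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def make_bundle(manufacturer_sk, owner_sk, owner_pk, serial, server):
    """What the bootstrap source (USB, DHCP-pointed server, ...) hands the device.
    Field names are a simplified subset of RFC 8366/8572; 'pinned-domain-cert'
    carries a raw owner public key instead of an X.509 cert (toy assumption)."""
    voucher = {"serial-number": serial, "assertion": "verified",
               "pinned-domain-cert": hex_pk(owner_pk)}
    conveyed = {"redirect-information": {"bootstrap-server": [server]}}
    return {
        "ownership-voucher": {"payload": voucher,
                              "signature": hex_sig(lamport_sign(manufacturer_sk, canon(voucher)))},
        "conveyed-information": {"payload": conveyed,
                                 "signature": hex_sig(lamport_sign(owner_sk, canon(conveyed)))},
    }

class Device:
    def __init__(self, serial, manufacturer_pk):
        self.serial = serial
        self.manufacturer_pk = manufacturer_pk  # trust anchor installed at manufacture

    def validate_signed_data(self, bundle):
        """Returns (accepted, reason). Only after this passes may the device act
        on the redirect and open the mutually-authenticated TLS connection."""
        v = bundle["ownership-voucher"]
        if not lamport_verify(self.manufacturer_pk, canon(v["payload"]), unhex_sig(v["signature"])):
            return False, "voucher not signed by manufacturer"
        if v["payload"]["serial-number"] != self.serial:
            return False, "voucher issued for a different device"
        owner_pk = unhex_pk(v["payload"]["pinned-domain-cert"])
        ci = bundle["conveyed-information"]
        if not lamport_verify(owner_pk, canon(ci["payload"]), unhex_sig(ci["signature"])):
            return False, "conveyed information not signed by pinned owner"
        return True, "ok"

def demo():
    """Runs the check over four constructed bundles; returns scenario -> result."""
    man_sk, man_pk = lamport_keygen()      # manufacturer (voucher signer)
    owner_sk, owner_pk = lamport_keygen()  # legitimate owner
    rogue_sk, _ = lamport_keygen()         # a signer that is not the manufacturer
    server = {"address": "bootstrap.example.com", "port": 8443}  # constructed
    good = make_bundle(man_sk, owner_sk, owner_pk, "SN-0001", server)
    rogue = make_bundle(rogue_sk, owner_sk, owner_pk, "SN-0001", server)
    tampered = copy.deepcopy(good)  # redirect altered after the owner signed it
    tampered["conveyed-information"]["payload"]["redirect-information"]["bootstrap-server"][0]["port"] = 9999
    dev = Device("SN-0001", man_pk)
    other = Device("SN-0002", man_pk)  # same trust anchor, different serial
    return {
        "good": dev.validate_signed_data(good),
        "rogue_voucher_signer": dev.validate_signed_data(rogue),
        "tampered_redirect": dev.validate_signed_data(tampered),
        "wrong_device": other.validate_signed_data(good),
    }

if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:22s} accepted={ok} ({why})")
```

The order of the checks is the point: the owner key is never consulted until the manufacturer-signed voucher has tied that key to this exact serial number, so a correctly signed redirect from anyone the manufacturer has not vouched for is discarded before it can steer the device to a server.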

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima