Benjamin Kaduk <ka...@mit.edu> wrote:
    > Apparently I only have one comment buried inline.  We must be making
    > progress :)

    >> > The audit log is a defense against this in that it allows for
    >> > post-facto discovery of misuse?  Or is there some pre-issuance
    >> > authorization check going on.
    >> > I think I may need some section references to where the
    >> > authorization policy (options) are documented; I've lost a bit of
    >> > state on this one.
    >> 
    >> That's right, the audit log provides discovery of misuse.  The check
    >> belongs prior to issuance of an LDevID, and may be repeated regularly
    >> afterwards.
    >> 
    >> I think you are asking for a list of MASA authorization policy
    >> options.  We do not have such a menu of options, and I'm reluctant to
    >> write them down normatively at this point, as I think that there are
    >> combinations we do not yet understand.
    >> 
    >> 5.5.3 points out that nonceless vouchers need more authorization.
    >> Other parts of 5.5 provide other options.  Please let me know if you
    >> think this is insufficient for a Proposed Standard.

    > I think I'd like to see a small addition after/near "[t]his
    > verification is only a consistency check that the unauthenticated
    > domain CA intended the voucher-request signer to be a registrar"
    > (perhaps at the end of the paragraph?) noting something like "since the
    > domain CA is unauthenticated to the MASA, depending on MASA policy,
    > vouchers not authorized by the pledge owner may be issued; the MASA
    > audit log can be used to detect such misissuance".

I've added:

          <t>
            Even when a domain CA is authenticated to the MASA, and there is
            strong sales channel integration to understand who the legitimate
            owner is, the above cmcRC check prevents arbitrary End-Entity
            certificates (such as an LDevID certificate) from
            having vouchers issued against them.
          </t>
          <t>
            Other cases of inappropriate voucher issuance are detected
            by examination of the audit log.
          </t>

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

