This goes back to your observation from the content-type discussion:
"Data items not mentioned SHOULD be ignored."
BUT: Vendors (running MASA) could be very curious. Lightbulbs enrolling
may want to encode in some opaque data of the VR (such as the cert)
information spoofed about the environment, such as the WiFi BSSIDs
it sees, aka: MAC addresses of WiFi APs. This is what Google for example
uses to guess where you are on the planet.
Given how some ANIMA observers are concerned about MASA/Vendors,
I think we should do our best to avoid unnecessary side channel
opportunities.
So: Why would we not want to specify that the pledge MUST NOT include
in the voucher elements not explicitly mentioned in the document?
Cheers
Toerless
On Mon, Jul 26, 2021 at 10:15:17PM -0400, Michael Richardson wrote:
>
> In the hackathon work a Registrar implementor noticed an x5bag on the
> BRSKI-EST link (Pledge->Registrar)
>
> I think that the DTLS Client Certificate (and chain) is always better.
> But, I guess we should say something about why the Registrar should prefer to
> use that instead.
>
> So pledge can put stuff in that doesn't belong, but it will get ignored.
>
> https://github.com/anima-wg/constrained-voucher/issues/145
>
>
> --
> Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
> _______________________________________________
> Anima mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/anima
--
---
[email protected]