On 13-Jul-22 09:51, Michael Richardson wrote:
> Brian E Carpenter <[email protected]> wrote:
>> Just trying to check my understanding. In section 5.5.1 we have:
> I'm behind on their latest changes, but I'll catch up.
>> In 5.4.2 we have:
>>> The registrar-agent MAY use
>>>
>>> * "product-serial-number._brski-pledge._tcp.local", to discover a
>>> specific pledge, e.g., when connected to a local network.
>>>
>>> * "_brski-pledge._tcp.local" to get a list of pledges to be
>>> bootstrapped.
>> So where does the list at "_brski-pledge._tcp.local" come from? Is
>> that configured in the same way as section 5.5.1 suggests, except that
>> it's configured into the host providing _brski-pledge._tcp.local?
> The Registrar-Agent does an mDNS query for _brski-pledge._tcp.local to discover
> all the pledges on the local LAN. It will receive multiple answers,
> of the product-serial-number._brski-pledge._tcp.local form, I think.
Oh. I didn't know mDNS could do that.
>> In any case, isn't the list of pledges itself a point of attack for
>> someone attempting to install a rogue device? So the security of the
>> list of pledges should perhaps be discussed in the Security
>> Considerations, even though it's outside the protocol itself.
> The rogue device would have to come from a certified Manufacturer, i.e. one
> known to the Registrar. As per RFC8995 section 11.5:
> "Manually configuring each manufacturer's trust anchor."
> ...
> but, perhaps I don't understand your question well enough.
Even so, it could be an unexpected device, couldn't it? Or am I
allowed to install an extra keypad on a door without adding
it to a database?
Brian
> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | network architect [
> ] [email protected] http://www.sandelman.ca/ | ruby on rails [
> --
> Michael Richardson <[email protected]>, Sandelman Software Works
> -= IPv6 IoT consulting =-
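The discovery step discussed in the thread (a DNS-SD query for `_brski-pledge._tcp.local` returning one `product-serial-number._brski-pledge._tcp.local` answer per pledge) and Brian's "unexpected device" concern can be illustrated with a small reconciliation routine. This is an added example, not code from the draft, RFC 8995 or any registrar-agent implementation: the answer records are constructed, the inventory of pre-registered serial numbers is assumed to come from whatever configuration section 5.5.1 describes, and the function names are mine. It parses each PTR target as an RFC 6763 `<Instance>.<Service>.<Domain>` name, ignores answers for other services, and reports which discovered pledges were expected, which were not, and which expected pledges never answered.

```python
"""Reconcile DNS-SD answers for _brski-pledge._tcp.local against an
expected pledge inventory (added example; not from the draft or RFC 8995).
"""
from typing import Iterable, List, Optional, Tuple

SERVICE = "_brski-pledge._tcp.local"


def instance_label(ptr_target: str, service: str = SERVICE) -> Optional[str]:
    """Return the <Instance> label of a DNS-SD PTR target of the form
    '<Instance>.<Service>.<Domain>', or None if the name is not an instance
    of `service` or is malformed."""
    name = ptr_target.rstrip(".")          # tolerate a trailing root dot
    suffix = "." + service
    if not name.endswith(suffix):
        return None                        # answer for some other service
    label = name[: -len(suffix)]
    # An instance name is a single DNS label; a literal dot inside it is
    # escaped as '\.' (RFC 6763 section 4.3). Any unescaped dot means the
    # name has extra labels and is not a valid instance of this service.
    if not label or "." in label.replace("\\.", ""):
        return None
    return label.replace("\\.", ".")


def reconcile(ptr_targets: Iterable[str],
              inventory: Iterable[str]) -> Tuple[List[str], List[str], List[str]]:
    """Split discovered pledges into (expected, unexpected, missing).

    ptr_targets: PTR answer targets from the _brski-pledge._tcp.local query.
    inventory:   product serial numbers the installer pre-registered
                 (assumed to come from section 5.5.1-style configuration).
    """
    known = set(inventory)
    seen = set()
    for target in ptr_targets:
        label = instance_label(target)
        if label is not None:
            seen.add(label)
    expected = sorted(seen & known)
    unexpected = sorted(seen - known)     # the "extra keypad on a door" case
    missing = sorted(known - seen)        # registered but not discovered
    return expected, unexpected, missing


# Constructed sample answers, as a registrar-agent might receive them.
CONSTRUCTED_ANSWERS = [
    "SN-0001._brski-pledge._tcp.local.",
    "SN-0002._brski-pledge._tcp.local",
    "SN-0001._brski-pledge._tcp.local.",   # duplicate answer from a second interface
    "KEYPAD-77._brski-pledge._tcp.local",  # not in the inventory
    "Printer._ipp._tcp.local",             # different service, must be ignored
    "._brski-pledge._tcp.local",           # malformed: empty instance label
]

# Constructed inventory of serials the installer registered ahead of time.
CONSTRUCTED_INVENTORY = ["SN-0001", "SN-0002", "SN-0003"]


if __name__ == "__main__":
    exp, unexp, miss = reconcile(CONSTRUCTED_ANSWERS, CONSTRUCTED_INVENTORY)
    print("expected  :", exp)
    print("unexpected:", unexp)
    print("missing   :", miss)
```

The `unexpected` list is the set a registrar-agent operator would want surfaced before any bootstrapping proceeds: a pledge that advertises itself but was never registered is exactly the case the thread raises, regardless of whether its manufacturer's trust anchor is already configured on the registrar.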
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima