Re-reading... This errata was about RFC8995, but really, it was about voucher(-request) module, so it applies to RFC8366bis. In the ietf-voucher.yang, we have:
description
"The Authority Key Identifier OCTET STRING (as defined in
Section 4.2.1.1 of RFC 5280) from the pledge's IDevID
certificate. Optional since some serial-numbers are
already unique within the scope of a MASA.
Inclusion of the statistically unique key identifier
ensures statistically unique identification of the
hardware.
When processing a voucher, a pledge MUST ensure that its
IDevID Authority Key Identifier matches this value. If no
match occurs, then the pledge MUST NOT process this
voucher.
When issuing a voucher, the MASA MUST ensure that this
field is populated for serial-numbers that are not
otherwise unique within the scope of the MASA.";
There is no other text in RFC8366bis about idevid-issuer.
The MASA knows (by construction) if serial-numbers are unique across the
entire manufacturer, or not. If not, then the manufacturer would always
include the idevid-issuer in it's vouchers.
Similiarly, the Pledge would know (by construction) if it always needs to
include it or not.
I'm happy to mark this errata as closed by RFC8366bis.
That needs a new section, I think...
https://github.com/anima-wg/voucher/commit/64056649c836f7b9fd4094d827e2d04860e41a3e
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list -- [email protected] To unsubscribe send an email to [email protected]
