Re: [Anima] I-D Action: draft-richardson-anima-voucher-delegation-00.txt

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 21 January 2020 14:49 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
cc: Anima WG <anima@ietf.org>
In-Reply-To: <5e6201ff-dae2-8e89-c520-d42db4450736@gmail.com>
References: <157834858103.8080.6136531026469791288@ietfa.amsl.com> <5e6201ff-dae2-8e89-c520-d42db4450736@gmail.com>
Date: Tue, 21 Jan 2020 09:49:43 -0500
Message-ID: <21530.1579618183@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/1fJNhsXSmTn1dMrUZFmLvldq2Fk>
Subject: Re: [Anima] I-D Action: draft-richardson-anima-voucher-delegation-00.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    > Again I'm outside my comfort zone, but the Abstract says:

    >> This chain of authorization can support
    >> permission-less resale of devices, as well as guarding against
    >> business failure of the BRSKI [I-D.ietf-anima-bootstrapping-keyinfra]
    >> Manufacturer Authorized Signing Authority (MASA).

    > I'd really appreciate a worked example for both of these cases.
    > Maybe that will come in the Applicability sections?

Sure, that's a reasonable request.

    > In particular section 5.1 says:

    >> The Registrar needs to be informed that it should not contact a MASA
    >> using the URL in the IDevID, but rather to contact the previous
    >> owner's DASA.

    > What happens if the previous owner went bust and its DASA no longer exists?

At first look, that is equivalent to the MASA going bust: you can no longer
autonomically onboard the device.  It would have to be done manually.
But, actually one can go back to any previous DASA, or back to the MASA, to
ask for a new voucher.  So it's equivalent only if all of the previous
owners/manufacturers are bust.
This ability is a potential security threat, and deserves some discussion.
Should there be a way that we can revoke a previous delegation voucher?
Does it require cooperation of the manufacturer?

I think it is reasonable for companies that buy assets of dead companies to
be able to go to the manufacturer for a DASA that would allow them to resell
the equipment.  I've tried to engage with a company I know of that does this
to try to understand how things flow today.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
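The fallback the reply describes (walk back from the current owner's DASA through earlier DASAs to the MASA, and only fall back to manual onboarding when every one of them is out of business) as an added model that is not part of this thread or of the draft; the chain layout, the `in_business` flag and the owner names are constructed assumptions:

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class SigningAuthority:
    """One link in the delegation chain: the manufacturer's MASA or a later owner's DASA."""
    name: str
    in_business: bool = True   # False once the operator has gone bust


# Constructed chain (assumption): the MASA delegated to owner A's DASA, which
# delegated to owner B's DASA. chain[0] is always the MASA; the last entry is
# the DASA the Registrar is told to contact instead of the URL in the IDevID.
EXAMPLE_CHAIN: List[SigningAuthority] = [
    SigningAuthority("MASA (manufacturer)"),
    SigningAuthority("DASA (owner A)", in_business=False),
    SigningAuthority("DASA (owner B)", in_business=False),
]


def select_voucher_issuer(chain: List[SigningAuthority]) -> Optional[SigningAuthority]:
    """Walk from the most recent DASA back to the MASA and return the first
    authority still in business. None means no authority can issue a new
    voucher, so the device has to be onboarded manually."""
    for authority in reversed(chain):
        if authority.in_business:
            return authority
    return None


def onboarding_is_manual(chain: List[SigningAuthority]) -> bool:
    """Autonomic onboarding fails only when every link in the chain is bust."""
    return select_voucher_issuer(chain) is None


def authorities_that_can_still_issue(chain: List[SigningAuthority]) -> List[str]:
    """Every authority other than the current owner's DASA that is still able
    to issue a voucher for the device. A non-empty list is the exposure the
    reply raises: a former owner or the manufacturer keeps the power to
    authorize onboarding unless an earlier delegation can be revoked."""
    return [a.name for a in chain[:-1] if a.in_business]
```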