IETF Logo Mail Archive

Re: [Anima] security review issue 11: what if MASA refuses to provide a voucher #88

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 30 November 2018 03:45 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 709261277CC for <anima@ietfa.amsl.com>; Thu, 29 Nov 2018 19:45:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vvIjCYY-__4g for <anima@ietfa.amsl.com>; Thu, 29 Nov 2018 19:45:10 -0800 (PST)
Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A85C1126BED for <anima@ietf.org>; Thu, 29 Nov 2018 19:45:10 -0800 (PST)
Received: by mail-pg1-x530.google.com with SMTP id 17so1905437pgg.1 for <anima@ietf.org>; Thu, 29 Nov 2018 19:45:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=0WgTbb/OQbjNQ/eoIrP+1Z8qBf2P3jKzVkzloK/V4As=; b=NT48793pWGu70r212cpGGA8q1CvCM8DsSXUZz3kViDOJuPHmYpG6XPscuDo3YQuFY9 nsMbPu/MZBb7upValXC5YSwuT2MEw2I7nPLCkAtxY2zvXyQS9ydFLDgQ/wNCJr1gZ8vq uf66EaO/OeaGkmjW5FadDoNwa0+A/JocKro8Rgr2v1a2zsQpWMafBUfiasFE/pR/9o78 2Yntls626HMrNniie/8rWglKDBNZ4EmDrq/ffAMhZ+MQKnX3L63xhn1h46DqKP3BIr2l w7o4b7HnRRmrOh3VCbVxFZCzUuwdycUTSrgQ1fefJsH5bwd9tPTUP8emNqLcYrb0H6Yx whRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=0WgTbb/OQbjNQ/eoIrP+1Z8qBf2P3jKzVkzloK/V4As=; b=UP6bPrWk1cF1610fltbW2wYlrbdyiIfzUJAGqLlDD7gSs9pfY6gsJ51UqBVBTNX38u P8GMDdfF5AWoYlNy3sOUdFjbRpH4abXaaUDWN7Wp55RoXPymPCzA+Mn+zHpRErm4Q+wq gAxUUBzbm3n9M3hfgyc+aw5eW4sXpiVF/5KtX/xNZwEAlzNR3ZcANXn6TGivexh7myYR FwN92Ari7TbdvaDgFHSc9ZAxaP5Mug/3UYe+JVz3TaBip63zbdKPcMvbB/1Fkk6s7fTy vTncodzrcQUT9EQl4/G2f3JBqNh9TlxR490t3hg9Ivnp2RLX57nc/jfXi7QfrhpnkKq1 KjBg==
X-Gm-Message-State: AA+aEWaSJgDtUUy1GfZqwwUPZmS9lt+pGAWqdL6pvNDWzRQbiLg3z4He a+JlhiwnwjI73QB4G825ZuG9aKNd
X-Google-Smtp-Source: AFSGD/W5XNWgLzh4om5ZTNLUOhMij0w2sUhORIW1etWkYi8NsJ4hJ5CB32+m9vliWtFzVaGH3zzIxA==
X-Received: by 2002:aa7:8354:: with SMTP id z20mr3984040pfm.81.1543549509966; Thu, 29 Nov 2018 19:45:09 -0800 (PST)
Received: from [192.168.178.30] ([118.148.76.40]) by smtp.gmail.com with ESMTPSA id z7sm5860674pga.6.2018.11.29.19.45.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 29 Nov 2018 19:45:08 -0800 (PST)
To: Michael Richardson <mcr+ietf@sandelman.ca>, anima@ietf.org
References: <153826253306.18743.9250084704876465818@ietfa.amsl.com> <153874289877.989.15433226866680411112@ietfa.amsl.com> <24358.1543530974@dooku.sandelman.ca> <7970.1543544813@dooku.sandelman.ca>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <2e4d2c8f-67be-a78e-5930-b078e60f694b@gmail.com>
Date: Fri, 30 Nov 2018 16:45:03 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1
MIME-Version: 1.0
In-Reply-To: <7970.1543544813@dooku.sandelman.ca>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/LimzJ_cF4N2rY42Z6pAlrfBSHEM>
Subject: Re: [Anima] security review issue 11: what if MASA refuses to provide a voucher #88
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2018 03:45:13 -0000

On 2018-11-30 15:26, Michael Richardson wrote:
> 
> https://github.com/anima-wg/anima-bootstrap/issues/88
> 
>> What happens if the MASA refuses to provide a voucher, or provides a wrong
>> voucher? Can the MASA be used to restrain commerce with specific countries?
>> Is that a feature or a bug?
> 
> BRSKI does not eliminate other mechanisms of enrolling devices.
> If the vendor eliminates all other ways of enrolling devices, then yes, it
> could be used as a restraint.  But, many vendors already restrict which
> firmware can be used in which countries, and by which customers.
> 
> It's a feature that the MASA can be used to defer theft.
> It's a bug that the MASA can be used to prevent resale.
> I'd love to resolve the situation, but I don't know how.

The feature is good. The bug is a regulatory issue; IANAL
but in any case (as with DRM) it's completely outside the IETF's
control.

Imagine a military device in such a context. You pull the trigger
and the gun pops up a window saying "Not authorised for use
in Elbonia." From most viewpoints, that's a Good Thing.

   Brian

v2.23.0 | Report a Bug | By Email