Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 14 July 2019 22:18 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F1A2120189; Sun, 14 Jul 2019 15:18:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.859
X-Spam-Level:
X-Spam-Status: No, score=-2.859 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_24_48=1.34, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QPgtY8edVoS3; Sun, 14 Jul 2019 15:18:52 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35E851200B4; Sun, 14 Jul 2019 15:18:52 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id BB43F3818E; Sun, 14 Jul 2019 18:18:50 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 36B24FE2; Sat, 13 Jul 2019 11:13:32 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Benjamin Kaduk <kaduk@mit.edu>
cc: Eliot Lear <lear@cisco.com>, draft-ietf-anima-bootstrapping-keyinfra@ietf.org, Adam Roach <adam@nostrum.com>, anima-chairs@ietf.org, The IESG <iesg@ietf.org>, Toerless Eckert <tte+ietf@cs.fau.de>, anima@ietf.org
In-Reply-To: <20190711214847.GA16418@kduck.mit.edu>
References: <156282703648.15280.17739830959261983790.idtracker@ietfa.amsl.com> <17580.1562874933@localhost> <ACEB4033-707F-47AF-B58A-5227B444BEAB@cisco.com> <20190711214847.GA16418@kduck.mit.edu>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Sat, 13 Jul 2019 11:13:32 -0400
Message-ID: <2499.1563030812@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/RnNkGSL7F5xAPi3e9ha730tghPw>
Subject: Re: [Anima] Adam Roach's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Jul 2019 22:18:57 -0000

Eliot> I think the simplest way to address the bulk of both Adam’s and
Eliot> Warren’s concern is to require the device to emit via whatever
Eliot> management interface exists, upon request, a voucher that it has
Eliot> signed with its own iDevID.  It would have to be nonceless with
Eliot> perhaps a long expiry, and that would cover a number of other use
Eliot> cases as well.  That way if the manufacturer goes out of business, or
Eliot> if the owner wants to transfer the device without manufacturer
Eliot> consent, there is a way forward.

Benjamin Kaduk <kaduk@mit.edu> wrote:
    > An interesting thought.  Would there be a way (or a need) to usefully
    > audit such voucher issuance?

The vendor would be unable to provide any record of them being issued.
The device could provide an audit log.  Perhaps we could use some kind of
merkle tree such that every such voucher had a record of all previous ones,
going back to the original MASA issue voucher.

I had originally considered this to be the right way to do resale, but many
others thought it too complex.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-