Re: [Anima] security review issue 11: what if MASA refuses to provide a voucher #88
Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 02 December 2018 19:42 UTC
To: anima@ietf.org
References: <153826253306.18743.9250084704876465818@ietfa.amsl.com> <153874289877.989.15433226866680411112@ietfa.amsl.com> <24358.1543530974@dooku.sandelman.ca> <7970.1543544813@dooku.sandelman.ca> <2e4d2c8f-67be-a78e-5930-b078e60f694b@gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <0f875bcf-9b99-977f-ce3b-11ed63ae4273@gmail.com>
Date: Mon, 03 Dec 2018 08:42:33 +1300
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/vjBKB-Uyi0tcfZLEp8VjslL9hVA>

A small clarification below...

On 2018-11-30 16:45, Brian E Carpenter wrote:
> On 2018-11-30 15:26, Michael Richardson wrote:
>>
>> https://github.com/anima-wg/anima-bootstrap/issues/88
>>
>>> What happens if the MASA refuses to provide a voucher, or provides a wrong
>>> voucher? Can the MASA be used to restrain commerce with specific countries?
>>> Is that a feature or a bug?
>>
>> BRSKI does not eliminate other mechanisms of enrolling devices.
>> If the vendor eliminates all other ways of enrolling devices, then yes, it
>> could be used as a restraint. But, many vendors already restrict which
>> firmware can be used in which countries, and by which customers.
>>
>> It's a feature that the MASA can be used to defer theft.
>> It's a bug that the MASA can be used to prevent resale.
>> I'd love to resolve the situation, but I don't know how.
>
> The feature is good. The bug is a regulatory issue; IANAL
> but in any case (as with DRM) it's completely outside the IETF's
> control.
>
> Imagine a military device in such a context. You pull the trigger
> and the gun pops up a window saying "Not authorised for use
> in Elbonia." From most viewpoints, that's a Good Thing.

To be clear, the gun won't shoot because it failed to enrol when the
Elbonian army deployed it. BRSKI happens, or doesn't happen, at
enrolment time, not later.

Brian