Toerless Eckert <[email protected]> wrote: > As you point out, we can never be sure that rogue domains are not > simply accepting devices they do not own. But we can build secure
Please explain how this works.
A Registrar that accepts a device that has an audit-only MASA is not
rogue. It's doing exactly the right thing.
I think the problem is that some people think they are going to
sell $100K BFRs with audit-only policies?
> the MASA should do more than just logging for every device, for
> example if the MASA supports both lightbulbs and core routers, it's
> clear that the MASA policies could be different.
And given the ability to embed different URLs in the IDevID certificate,
I'd want to run two completely different MASA :-)
> And this "sales" integration could be simply that the MASA requires
> some simple identity for a domains registrar. E.g: verify some
> domains email, credit-card number, ... something easily
> automated and good enough to track back the bad guy with enough
> likelihood.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
