Brian E Carpenter <[email protected]> wrote: > I'm still gnawing on my original bone: if I was running a highly > secure, personnel-safety-critical network, like the particle > accelerator control network I used to run for a living, I *would not* > allow it to rely on masa.vendor.com, and it would be physically > impossible to do so because there would be no physical link anyway. I > would get my vouchers some other way. This is not light bulbs either.
So possibilities that I see:
1) you run a half-mind Registrar that is on the secure side of your air-gap,
and it has
a USB interface (or 9-track tape drive... statscan.gc.ca used to run
unidirectional UUCP over 9-track tapes walked across the machine room
air-gap)
on which it can place voucher requests, and receive vouchers from
other-half-mind Registrar.
This lets you use nonced vouchers, potentially with expiry dates.
Maybe very long expiry dates. Or maybe your personnel-safety-critical
equipment has a best-before date, and so it's acceptable for you to have
vouchers only until that date.
Also recall that we permit the Registrar to ask for, and get, voucher
renewals at any time, so the connected ("other-half-mind") Registrar could
always keep a live set of vouchers.
2) you use NETCONF's mechanism with vouchers that you obtain another way, and
you place them on USB key/CDROM/QR-code.
3) you continue to configure such a network with craft-serial console,
initiating the EST connection via some other credential.
> I believe this can be fixed by clearer scoping of the document, and by
> renaming the "lower security" section as "alternative trust models" or
> something.
I accept that the document could have better text here.
At one point we discussed an operational considerations document.
Is that really what you are asking for?
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
