Eliot Lear <[email protected]> wrote:
>> On 13 Jul 2019, at 17:10, Michael Richardson <[email protected]>
>> wrote:
>>
>> Signed PGP part
>>
>> Eliot Lear <[email protected]> wrote:
>>> I think the simplest way to address the bulk of both Adam’s and
>>> Warren’s concern is to require the device to emit via whatever
>>> management interface exists, upon request, a voucher that it has
>>> signed with its own iDevID. It would have to be nonceless with
>>> perhaps a long expiry, and that would cover a number of other use
>>> cases as well. That way if the manufacturer goes out of business, or
>>> if the owner wants to transfer the device without manufacturer
>>> consent, there is a way forward.
>>
>> 1) would it have a pinned-domain-cert for the new owner, or would it
>> be some kind of wildcard/bearer voucher?
> Again, I think this is a matter for the seller, and also a matter for
> the seller as to when the voucher is generated, so that it doesn’t need
> to lie around. I was also thinking that this would be the sort of
> thing that could be printed out, either in a QR or OCR form, if
> necessary.
But, the pledge has to be programmed to do the validation we describe.
>> 2) what would the management interface be, specifically, how would it
>> be secured?
> The reason I mentioned CIP and Profinet in a previous message is that
> once the device is bootstrapped, if it has a management interface, that
> is what should be used. Adding new services on a device is
> undesirable. This covers the case when the manufacturer becomes
> unavailable. However, it should be viewed as a backstop. See below.
I am completely unfamiliar with those protocols.
I would very much like to define a way to update voucher validation trust
anchors in that.
> Another way to look at this would be for the manufacturer to ping
> the owner periodically to reconfirm ownership. If the owner fails to
> respond, allow another owner to transfer the device. Or… simply ping
> the owner when a transfer request is made. But these require that the
> MASA be present.
This is a good sales channel integration point, and might be a win-win for
many manufacturers and operators.
Why pay for support on devices that are no longer used?
Why generate security patches for devices no longer used?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
