Kent Watsen <[email protected]> wrote: >> But, more interestingly, it can be used to update the trust anchors, to >> enable a resale/transfer of ownership!
> I think I see a smiley-face here too ;)
Sadly, no.
> But, seriously, no. It's expected that decommissioning will returned a
> device back to its factory default state. No manufacturer will agree
> that it is anything other than the state of the device when it was
> manufactured. Anything other than that could be leveraged to mount an
> attack. Change in ownership-assignment needs to occur through some
> other means, of which there are many but, in the end, if the 2nd-owner
> cares about the security (not just the convenience) of bootstrapping,
> then they are strongly advised to purchase never before used
> equipment.
This is indeed the tussle the BRSKI document has been dealing with
in its IESG review. If we can't change the trust anchors used to verify
the voucher, then how can the device be onboarded after the MASA
has gone away?
I don't understand how RFC8572 slipped through the IESG without resolving this.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
