Hi Michael,

> -----Original Message-----
> From: Michael Richardson <mcr+i...@sandelman.ca>
> Sent: Monday, September 2, 2024 2:36 AM
> > Logged and verified relates to actions which can be performed on the
> > MASA side related to ownership verification, while proximity and
> > agent-proximity provide information about the onboarding situation in
> > the deployment domain.
>
> Nonce-less vouchers would be logged, for instance.

[stf] correct, based on the definition of "logged": "Indicates that the voucher has been issued after minimal verification of ownership or control. The issuance has been logged for detection of potential security issues (e.g., recipients of vouchers might verify for themselves that unexpected vouchers are not in the log). This is similar to unsecured trust-on-first-use principles but with the logging providing a basis for detecting unexpected events."; this could also be a voucher containing a nonce but without supply chain integration.

>
> > I was wondering if we address different assertions in one value based
> > on the following use case:
>
> > * A pledge (product) is sold via a distributor. The MASA has no
> > information about the final customer.
> > * If the pledge is onboarded, it creates a Voucher-request asking for
> > a proximity assertion
> > * The registrar provides the registrar voucher request including the
> > pledge voucher request to the MASA
> > * Based on the contained information, the MASA can verify proximity,
> > but still may not know the customer (domain).
> > * The MASA could react with the assertion "proximity". But given that
> > the MASA has no information about the end customer it may also react
> > with "logged"
>
> That's correct.
> I would always go for proximity if there is a voucher-request.
>
> > With this, are we addressing two different statements in one
> > enumeration? Or did I misinterpret the enum?
>
> It may well be that in the ~10 years since we started, that the concepts have
> drifted. Probably worth a re-think after a few years of real deployment.

[stf] Yes, as seen for other approaches, adaptation likely will show additional points to cover. Agent-proximity is likely a good example. For the specific issue, we may think about having distinct statements that relate to a supply chain integration (verified, logged) and some other distinct statements, which relate to the interaction in the customer domain (proximity, agent-proximity).

>
> --
> Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>

_______________________________________________
Anima mailing list -- anima@ietf.org
To unsubscribe send an email to anima-le...@ietf.org