> > I'm fine with everything, I am just representing the fears I have from
> > other IETF participants that do not like the MASA concept in the first
> > place and fear side channels. Hence my suggestions to make this side
> > channel as acceptable as feasible.
>
> My experience is that many assume "MASA" must be controlled by the factory in
> a hostile foreign regime. I find that sad, and they want to use another term.
> All sorts of side channels are possible; I agree that one might want to be
> concerned, but ultimately, there are other methods to create them.
If the fear is side channels, then it makes sense to not only look at the voucher (YANG defined) data but also what can be carried in the envelope (CMS, JOSE or COSE).

In the COSE case, there's a very rich set of header parameters defined, which is also ever-evolving, with new entries being added to the registry. This provides opportunity to store "side channel" data that a Registrar checking the voucher-request and voucher would possibly not notice. E.g. one can include a "c5b" protected header attribute storing a new format for CBOR-encoded certs (C509), where the side-channel data is hidden in a field inside the C509 certificate. A Registrar that doesn't know about C509 certificates would not be able to inspect/parse this and find the hidden data. And if the Registrar would block any voucher / voucher-request due to unrecognized fields, it would not be able to get any onboarding done! (So, an unhappy Registrar customer...)

Esko
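A Registrar-side check in the spirit of the message above, added here as an example and not part of the thread: it decodes a COSE_Sign1 voucher envelope and lists header labels outside an assumed allowlist, so unrecognized parameters are surfaced for audit rather than used to block onboarding. The small CBOR decoder, the allowlist and the sample voucher (with label 99 standing in for any header parameter the Registrar cannot parse) are all constructed for this illustration.

```python
def _decode(buf, pos=0):
    """Minimal CBOR decoder for the types a COSE_Sign1 envelope needs.
    Decode one item at buf[pos]; return (value, next_pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        arg = info
    else:                                  # info 24..27 -> 1/2/4/8-byte argument
        n = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major in (2, 3):                    # bstr / tstr
        raw = buf[pos:pos + arg]
        return (raw if major == 2 else raw.decode()), pos + arg
    if major == 4:                         # array
        items = []
        for _ in range(arg):
            v, pos = _decode(buf, pos)
            items.append(v)
        return items, pos
    if major == 5:                         # map
        m = {}
        for _ in range(arg):
            k, pos = _decode(buf, pos)
            v, pos = _decode(buf, pos)
            m[k] = v
        return m, pos
    if major == 6:                         # tag (18 = COSE_Sign1): keep content
        return _decode(buf, pos)
    raise ValueError("unsupported CBOR major type %d" % major)

# Assumed allowlist: alg (1, RFC 9052), x5chain (33) and x5t (34, RFC 9360).
EXPECTED_HEADERS = {1, 33, 34}

def unexpected_headers(cose_sign1):
    """Header labels (protected or unprotected) not on the allowlist, for audit logging."""
    protected, unprotected, _payload, _sig = _decode(cose_sign1)[0]
    labels = set(unprotected)
    if protected:                          # empty bstr = no protected headers
        labels |= set(_decode(protected)[0])
    return sorted(labels - EXPECTED_HEADERS)

# Constructed sample: alg ES256 plus unknown protected label 99, a stand-in for
# a header parameter the Registrar cannot parse, carrying 4 opaque bytes.
SAMPLE_VOUCHER = bytes.fromhex(
    "d2 84 4a a2 01 26 18 63 44 68 69 64 65"   # tag 18, [protected {1:-7, 99:'hide'},
    "a1 18 21 44 63 65 72 74"                  #  unprotected {33:'cert'},
    "47 76 6f 75 63 68 65 72 42 00 01"         #  payload 'voucher', signature]
)
```

`unexpected_headers(SAMPLE_VOUCHER)` returns `[99]`; a Registrar that logs such labels keeps onboarding working while still making an unfamiliar envelope field visible to an operator.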