Based upon discussion last week about synchronizing the voucher document with the BRSKI MASA protocol, the following clarification was made to the voucher document as part of the WGLC:
- signed using a PKCS#7 structure. The voucher artifact is generated
by
- the pledge's manufacture or delegate (i.e. the MASA).</t>
+ signed using a PKCS#7 structure. The voucher artifact is normally
generated by
+ the pledge's manufacture or delegate (i.e. the Manufacturer
Authorized Signing
+ Authority). A voucher artifact could be signed by a non-MASA and be
compliant
+ to the specified artifact format described in this document. The
appropriate
+ use and trust of such vouchers is out-of-scope of this document.
+ </t>
<t>This document only defines the voucher artifact, leaving it to
other
documents to describe specialized protocols for accessing it.</t>
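Review bot: the added sentence "A voucher artifact could be signed by a non-MASA and be compliant to the specified artifact format" conflates format compliance with trust, and a reader could take "compliant" to mean "acceptable"; since the trust question is explicitly deferred ("The appropriate use and trust of such vouchers is out-of-scope"), it would help to state in the same sentence that format compliance alone says nothing about whether a pledge should accept the voucher, and that the receiving entity must still verify the signer against its own trust anchors per whatever protocol document uses the artifact. Two wording points in the same hunk: "the pledge's manufacture or delegate" should read "manufacturer" (the second hunk already uses "manufacturer"), and "compliant to" should be "compliant with". The hunk also spells out "Manufacturer Authorized Signing Authority" without attaching "(MASA)", while "non-MASA" is used two lines later; defining the acronym here at first use would make the later "non-MASA" unambiguous.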
@@ -75,7 +79,8 @@
<t>This document defines a strategy to securely assign a pledge to an
owner,
using an artifact signed, directly or indirectly, by the pledge's
manufacturer
- or delegate (i.e. the MASA). This artifact is known as the
voucher.</t>
+ or delegate, i.e. the Manufacturer Authorized Signing
+ Authority (MASA). This artifact is known as the voucher.</t>
<t>The voucher artifact is a JSON document, conforming to a data model
described by YANG <xref target="RFC7950"/>, that has been signed
using
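Review bot: this hunk introduces "Manufacturer Authorized Signing Authority (MASA)" as the defining occurrence, but the first hunk already expands the same phrase without the parenthesised acronym; the two should agree on which occurrence is the definition, with every later occurrence using the short form "MASA". The phrase "signed, directly or indirectly, by the pledge's manufacturer or delegate" is the one place this hunk carries a security-relevant claim, and "indirectly" is not explained by the visible text; a brief pointer to what an indirect signature means here (for instance, a delegate certified by the manufacturer) would keep the later "non-MASA" discussion from being read as covering the same case.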
@@ -265,7 +270,7 @@ NOTE: All voucher types include a 'Pledge ID serial number'
<section title="Voucher" anchor="voucher">
- <t>The voucher's purpose is to securely assign a pledge to an owner.
+ <t>The voucher's primary purpose is to securely assign a pledge to an
owner.
The voucher informs the pledge which entity it should consider to be
its owner.</t>
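Review bot: changing "purpose" to "primary purpose" implies the voucher has secondary purposes, but the hunk does not name them or point to where they are described; either list them here or drop "primary" so the sentence stays consistent with the second hunk's wording ("a strategy to securely assign a pledge to an owner"). The following sentence, "The voucher informs the pledge which entity it should consider to be its owner", is unchanged and still reads as the single purpose, which reinforces the mismatch.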
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
