Fries, Steffen <[email protected]> wrote:
> Hi Esko
> What irritates me is the statement in the YANG definition of RFC 8366bis:
> "Indicates that the voucher has been issued after
okay, so let's do better text.
> Therefore the question for me is not quite answered, if the MASA gets a
> PVR with a nonce and is able to verify proximity, but does not know the
> customer domain, he could provide both values, "proximity" as he could
> verify that the pledge was in direct contact with the registrar and
> "logged" because he does not know the customer domain (maybe I'm
> relating too much in the "trust-on-first-use" statement in the YANG
> description, which I understand as trust-on-first-use for the MASA when
> seeing a PVR from an unknown domain).
I think that I'd pick proximity.
Some manufacturers and some device classes are reasonable for TOFU, some are
not.
In between full supply chain integration would be some kind of
Trust-on-First-Customer.
In that case, the customer domain has to be a known *customer*, but which
device they get is TOFU.
It would be good to come up with words to explain this.
If you think it should be reflected in the new/additional voucher types, I'm
certainly open to that idea.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
