[Last-Call] Re: Secdir last call review of draft-ietf-asdf-sdf-18

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Magnus Nyström via Datatracker <noreply@xxxxxxxx> wrote:
    > - The Security Considerations section mentions the possible need for
    > confidentiality of an SDF model ("There may be confidentiality requirements on
    > SDF models, both on their content and on the fact that a specific model is used
    > in a particular Thing or environment"). Couldn't there also be a need for
    > integrity/authenticity of a given SDF model? The document is silent on this. -
    > Related to the previous point, was it ever discussed to allow for an integrity
    > or authenticity value accompanying or being part of an SDFThing instance?

For this document, the SDF models are generally used on a IoT gateway
*developers* desktop.  The model goes into some kind of code generator that
creates code that is deployed in the gateway's firmware.

So, _provence_ is the right word: the developer needs to pay attention to
where they downloaded these models from.

At present we *do not* expect SDF models to be used at runtime on a gateway
in a dynamic way.  So issues if integrity of the model are not so important.

Having said this; some of the work that the recharter anticipates *might* go
to a more dynamic model, but that's still future work.

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide




Attachment: signature.asc
Description: PGP signature

-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux