Re: [Anima] Secdir last call review of draft-ietf-anima-bootstrapping-keyinfra-16


 



On 2018-10-01 07:52, Randy Bush wrote:
> christian,
> 
> a stunning review as usual.  but i have two questions which you kind of
> finessed.  they are simple binary, i.e. yes/no, questions that the end
> user, to whom the IETF is ultimately responsible, really cares about.
> 
> if the manufacturer's servers go down, either permanently or even for
> a day, does the device i have purchased still work?  i.e. is it fail
> soft? [0]

It still works if and only if the registrar already holds its voucher. 

There's a related question, which is: if the autonomic network is
air-gapped from the Internet, as is very likely in many sensitive
applications, does the whole mechanism work at all?

The answer is, as I understand it, yes, but with a variant. See option 3
in section 6.3. "Registrar security reductions", which explicitly covers
the case of obtaining vouchers in advance from the MASA.

The BRSKI authors regard this as less secure than relying on the MASA
in real time. You might have a different opinion, if you were operating
the air-gapped network. My personal opinion is that this will be a 
widely used solution, whatever its security issues, because it avoids
MASA dependency.

> if the manufacturer's servers go down, either permanently or even for
> a day, can i give/sell the device i have purchased to a third, well
> fourth i guess, party, at my whim and seamlessly unencumbered?

There are two conditions for it to work as I understand:
1) The device ID is added to the list of devices acceptable to the
registrar in its new network.
AND
2) That registrar is able to contact the MASA.

Alternatively - see the previous point. If you had previously obtained
a voucher in advance, you could include it with the device. Just as
you might write the hard disk password on a yellow sticky when
selling a laptop in a garage sale.

    Brian

> 
> fwiw, i asked these same questions at the 2005 paris side meeting at
> l'ecole whatever hosted by mark.  the blank stares i received alarmed
> me.  the ietf is ultimately responsible to the users.
> 
> thanks.
> 
> randy
> 
> --
> 
> 0 - yes, i understand i may not be able to access it through the
>     manufacturer's cloud.  so you want to help look at tcpdumps of
>     the manufacturer installed thermostat that does not talk to that
>     mfgr on net that i am debugging this weekend?  :(
> 
> _______________________________________________
> Anima mailing list
> Anima@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/anima
> 



