Randy On 02.10.18 13:21, Randy Bush wrote: >>> when i sell the lightb^Hrouter to mary, of course i reset to factory >>> settings. >> Great. Mary can register the device with light^hrouter manufacturer >> and life goes on. > iff the manufacturer still exists and the manufacture is willing. > > you and others seem to be missing that there is a major right of > ownership war going on out here in the real world. > > I think we've lost sight of what we're talking about. We're talking about a completely automated method for a local trust anchor to be installed on a device, and a kick to EST for the device to receive a local credential. For that to happen there needs to be a trusted introduction, and the device manufacturer or its agent is in the best position to do that. There are many ways for a manufacturer to lock a device to a deployment without this, just one example being a software license that gets erased on device reset (remember? you said you were going to perform a device reset). I'd suggest that we not get wrapped around the axle over the ownership war. I would be more concerned about what happens if the manufacturer goes out of business. I think that's a bigger deal, but can I ask that we also consider that problem with some more experience under our belts? I could easily envision a few solutions, but better would be to face down the problem with some more code and deployment. BTW, manufacturer going out of business also means no more {bug fixes, security patches, h/w support, etc}, and so zooming in and just dealing with this may be suboptimal. Eliot
Attachment:
signature.asc
Description: OpenPGP digital signature