Randy
On 02.10.18 13:21, Randy Bush wrote:
>>> when i sell the lightb^Hrouter to mary, of course i reset to factory
>>> settings.
>> Great. Mary can register the device with light^hrouter manufacturer
>> and life goes on.
> iff the manufacturer still exists and the manufacture is willing.
>
> you and others seem to be missing that there is a major right of
> ownership war going on out here in the real world.
>
>
I think we've lost sight of what we're talking about. We're talking
about a completely automated method for a local trust anchor to be
installed on a device, and a kick to EST for the device to receive a
local credential. For that to happen there needs to be a trusted
introduction, and the device manufacturer or its agent is in the best
position to do that.
There are many ways for a manufacturer to lock a device to a deployment
without this, just one example being a software license that gets erased
on device reset (remember? you said you were going to perform a device
reset). I'd suggest that we not get wrapped around the axle over the
ownership war.
I would be more concerned about what happens if the manufacturer goes
out of business. I think that's a bigger deal, but can I ask that we
also consider that problem with some more experience under our belts? I
could easily envision a few solutions, but better would be to face down
the problem with some more code and deployment. BTW, manufacturer going
out of business also means no more {bug fixes, security patches, h/w
support, etc}, and so zooming in and just dealing with this may be
suboptimal.
Eliot
Attachment:
signature.asc
Description: OpenPGP digital signature
