Re: [Anima] Secdir last call review of draft-ietf-anima-bootstrapping-keyinfra-16

Randy

On 02.10.18 13:21, Randy Bush wrote:
>>> when i sell the lightb^Hrouter to mary, of course i reset to factory
>>> settings.
>> Great.  Mary can register the device with light^hrouter manufacturer
>> and life goes on.
> iff the manufacturer still exists and the manufacturer is willing.
>
> you and others seem to be missing that there is a major right of
> ownership war going on out here in the real world.
>
>

I think we've lost sight of what we're talking about.  We're talking
about a completely automated method for a local trust anchor to be
installed on a device, and a kick to EST for the device to receive a
local credential.  For that to happen there needs to be a trusted
introduction, and the device manufacturer or its agent is in the best
position to do that.

There are many ways for a manufacturer to lock a device to a deployment
without this, just one example being a software license that gets erased
on device reset (remember?  you said you were going to perform a device
reset).  I'd suggest that we not get wrapped around the axle over the
ownership war. 

I would be more concerned about what happens if the manufacturer goes
out of business.  I think that's a bigger deal, but can I ask that we
also consider that problem with some more experience under our belts?  I
could easily envision a few solutions, but better would be to face down
the problem with some more code and deployment.  BTW, manufacturer going
out of business also means no more {bug fixes, security patches, h/w
support, etc}, and so zooming in and just dealing with this may be
suboptimal.

Eliot


