>>Then why use ACME to begin with? What I understand it was to make it easier for “newbies” to set up a device. So the device can automatically do “inclusion” of itself once it connects to a network.
I see no security problems with allowing longer certificates, since the certificates are only locally used, and hard-restricted to the particular network that uses the certificate. For certificates on the internet, it's important with short lifetimes, revocation and such, since there unauthorized people can get on board. For local networks this isn’t a risk. A non-revoked certificate is only a risk if a malicious actor gets its hand on a device after it changed owner, what my suggestion of mandatory reset if it is not connected, or connected to a network the device doesn’t recognize based on certificate AND a new user is paired through a method that doesn’t require cooperation by an already paired user/device. These 2 circumstances together are clear evidence that the device itself is not being owned by the same user anymore, thus it should erase any keys and certificates for security, both so the new user cannot act maliciously against the old user, AND so the old user cannot act maliciously against the new user.

Best regards,
Sebastian Nielsen
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme