Hi Michael,

When a device is purchased in the real world, usually an invoice is issued in the name of the purchaser with the stamp of the vendor/manufacturer. I propose that, similarly, a digital invoice can be issued which will contain the public key(s) of the <domain owner(s)/JRC(s)> and be digitally signed by the manufacturer. The digital invoice may be embedded in the pledge along with the IDevID. When a pledge starts the registration process, it will present the digital invoice along with the IDevID. The JRC can verify the digital signature of the manufacturer on the digital invoice and send a signed note of acceptance to the pledge. The pledge can verify the signed note using the public key(s) mentioned in the digital invoice, thereby verifying its true owner.

This process will eliminate all the communication overhead with the MASA and the multiple levels of verification (voucher request, voucher, telemetry etc. at JRC/MASA/Pledge).

From a security point of view: given that the digital invoice is digitally signed by the manufacturer, the public key of the domain owner embedded in the digital invoice can't be changed; otherwise verification of the manufacturer's digital signature at the JRC end will fail.

Requesting you to give your comments, as it will simplify the protocol.

P.S.: As you had earlier mentioned, "On resale, the device should be put through a factory reset to clear things. The MASA will have to be willing to issue a new voucher to the new domain owner."; here also, the manufacturer may issue a new digital invoice in case of resale.

Regards,
Anoop Kumar Pandey
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
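The exchange proposed in the message above, as an added example that is not part of the original post nor of any ANIMA working-group code. It models the three parties with Ed25519 keys and JSON-encoded artifacts; the invoice and acceptance-note field names, the pledge-chosen nonce in the acceptance note, and the extra check that the registrar is actually one of the listed owners are assumptions added here to make the flow concrete. The registrar is assumed to already hold the manufacturer's public key as a trust anchor, exactly as it would hold the IDevID CA today.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// DigitalInvoice binds a pledge (by serial) to its owner's public key(s).
// Field names are assumptions for this example, not a BRSKI artifact.
type DigitalInvoice struct {
	Serial          string   `json:"serial"`
	OwnerKeys       [][]byte `json:"owner-keys"`
	ManufacturerSig []byte   `json:"manufacturer-sig"` // over canonical() bytes
}

// canonical returns the bytes the manufacturer signs (everything but the signature).
func (inv DigitalInvoice) canonical() []byte {
	b, _ := json.Marshal(struct {
		Serial    string   `json:"serial"`
		OwnerKeys [][]byte `json:"owner-keys"`
	}{inv.Serial, inv.OwnerKeys})
	return b
}

// IssueInvoice is run by the manufacturer at sale time (or again on resale).
func IssueInvoice(mfgPriv ed25519.PrivateKey, serial string, owners ...ed25519.PublicKey) DigitalInvoice {
	inv := DigitalInvoice{Serial: serial}
	for _, k := range owners {
		inv.OwnerKeys = append(inv.OwnerKeys, []byte(k))
	}
	inv.ManufacturerSig = ed25519.Sign(mfgPriv, inv.canonical())
	return inv
}

// AcceptanceNote is the JRC's signed reply to the pledge. The nonce is an
// assumption added here so a captured note cannot be replayed to the pledge.
type AcceptanceNote struct {
	Serial string `json:"serial"`
	Nonce  []byte `json:"nonce"`
	Sig    []byte `json:"sig"`
}

func (n AcceptanceNote) canonical() []byte {
	b, _ := json.Marshal(struct {
		Serial string `json:"serial"`
		Nonce  []byte `json:"nonce"`
	}{n.Serial, n.Nonce})
	return b
}

// JRCAccept: the registrar checks the manufacturer's signature with the key it
// already trusts, then checks that it is itself a listed owner (otherwise any
// validly signed invoice for some other domain would be accepted), then signs.
func JRCAccept(trustedMfg ed25519.PublicKey, jrcPriv ed25519.PrivateKey, inv DigitalInvoice, nonce []byte) (AcceptanceNote, error) {
	if !ed25519.Verify(trustedMfg, inv.canonical(), inv.ManufacturerSig) {
		return AcceptanceNote{}, errors.New("invoice: manufacturer signature invalid")
	}
	jrcPub := jrcPriv.Public().(ed25519.PublicKey)
	listed := false
	for _, k := range inv.OwnerKeys {
		listed = listed || bytes.Equal(k, jrcPub)
	}
	if !listed {
		return AcceptanceNote{}, errors.New("invoice: this registrar is not a listed owner")
	}
	note := AcceptanceNote{Serial: inv.Serial, Nonce: nonce}
	note.Sig = ed25519.Sign(jrcPriv, note.canonical())
	return note, nil
}

// PledgeVerify: the pledge accepts the registrar only if the note echoes its
// nonce and is signed by one of the owner keys in its embedded invoice.
func PledgeVerify(inv DigitalInvoice, nonce []byte, note AcceptanceNote) bool {
	if note.Serial != inv.Serial || !bytes.Equal(note.Nonce, nonce) {
		return false
	}
	for _, k := range inv.OwnerKeys {
		if ed25519.Verify(ed25519.PublicKey(k), note.canonical(), note.Sig) {
			return true
		}
	}
	return false
}

// RunExchange runs the honest flow plus two failure cases with fresh keys and
// reports: honest accepted, tampered invoice rejected, unlisted registrar rejected.
func RunExchange() (honestOK, tamperedRejected, unlistedRejected bool) {
	mfgPub, mfgPriv, _ := ed25519.GenerateKey(rand.Reader)
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // did not buy the device

	inv := IssueInvoice(mfgPriv, "SN-0001", ownerPub) // constructed serial
	nonce := []byte("constructed-nonce")              // constructed; use crypto/rand in practice

	note, err := JRCAccept(mfgPub, ownerPriv, inv, nonce)
	honestOK = err == nil && PledgeVerify(inv, nonce, note)

	tampered := inv // owner key swapped in the embedded invoice: signature no longer matches
	tampered.OwnerKeys = [][]byte{[]byte(otherPub)}
	_, err = JRCAccept(mfgPub, otherPriv, tampered, nonce)
	tamperedRejected = err != nil

	_, err = JRCAccept(mfgPub, otherPriv, inv, nonce) // genuine invoice, wrong registrar
	unlistedRejected = err != nil
	return
}

func main() {
	ok, tamp, unl := RunExchange()
	fmt.Println("honest:", ok, "tampered rejected:", tamp, "unlisted rejected:", unl)
}
```

The two failure cases are the ones a registrar implementer has to get right: the manufacturer signature covers the owner keys, so substituting a key invalidates the invoice, but a signature check alone does not tell the registrar that the invoice is for its own domain, hence the explicit membership check before anything is signed.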