Hi Michael,

     When a device is purchased in the real world, usually an invoice is issued
in the name of the purchaser with the stamp of the vendor/manufacturer.
     I propose that, similarly, a digital invoice can be issued which will
contain the public key(s) of the <domain owner(s)/JRC(s)> and be digitally
signed by the manufacturer. The digital invoice may be embedded in the
pledge along with the IDevID.
     When a pledge starts the registration process, it will present the
digital invoice along with the IDevID. The JRC can verify the digital signature
of the manufacturer on the digital invoice and send a signed note of
acceptance to the pledge. The pledge can verify the signed note using the
public key(s) mentioned in the digital invoice, thereby verifying its true
owner.
This process will eliminate all the communication overhead with the MASA and
the multiple levels of verification (voucher request, voucher, telemetry, etc. at
JRC/MASA/pledge).

From a security point of view: given that the digital invoice is digitally
signed by the manufacturer, the public key of the domain owner embedded in the
digital invoice can't be changed; otherwise verification of the digital
signature of the manufacturer at the JRC end will fail.

Requesting you to give your comments, as it will simplify the protocol.

P.S.: As you had earlier mentioned, "On resale, the device should be put
through a factory reset to clear things.  The MASA will have to be willing
to issue a new voucher to the new domain owner."; here also, the manufacturer
may issue a new digital invoice in case of resale.


Regards,
Anoop Kumar Pandey  