On Mon, Jul 16, 2018 at 08:01:23PM +0000, Owen Friel (ofriel) wrote:
[ofriel] Are we making the assumption that all networks are well behaved and a
Registrar will actually reject devices it does not explicitly own? What about a
rogue network where the operator does not own the connecting devices but the
registrar accepts them anyway? That is the issue here.
I think Brians comment was abouut fixing BRSKI to re-include
text we lost in rev -08. The details of that text are not too
relevant except IMHO giving some examples, as it did in -07.
For the benefit of BRSKI becoming RFC, i would like to really
only ask the minimum necessary to fix this piece, but not draw it into the
larger discussion here related to your draft.
As you point out, we can never be sure that rogue domains are not
simply accepting devices they do not own. But we can build secure
pledges by making MASA more secure and not hand out vouchers without
more than the minimum necessary logging. That is not saying that
the MASA should do more than just logging for every device, for
example if the MASA supports both lightbulbs and core routers, it's
clear that the MASA policies could be different.
And this "sales" integration could be simply that the MASA requires
some simple identity for a domains registrar. E.g: verify some
domains email, credit-card number, ... something easily
automated and good enough to track back the bad guy with enough
likelihood.
Cheers
Toerless
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
