On Mon, Jul 16, 2018 at 08:01:23PM +0000, Owen Friel (ofriel) wrote: [ofriel] Are we making the assumption that all networks are well behaved and a Registrar will actually reject devices it does not explicitly own? What about a rogue network where the operator does not own the connecting devices but the registrar accepts them anyway? That is the issue here.
I think Brians comment was abouut fixing BRSKI to re-include text we lost in rev -08. The details of that text are not too relevant except IMHO giving some examples, as it did in -07. For the benefit of BRSKI becoming RFC, i would like to really only ask the minimum necessary to fix this piece, but not draw it into the larger discussion here related to your draft. As you point out, we can never be sure that rogue domains are not simply accepting devices they do not own. But we can build secure pledges by making MASA more secure and not hand out vouchers without more than the minimum necessary logging. That is not saying that the MASA should do more than just logging for every device, for example if the MASA supports both lightbulbs and core routers, it's clear that the MASA policies could be different. And this "sales" integration could be simply that the MASA requires some simple identity for a domains registrar. E.g: verify some domains email, credit-card number, ... something easily automated and good enough to track back the bad guy with enough likelihood. Cheers Toerless _______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima