On Tue, Jul 17, 2018 at 12:49:35AM -0400, Michael Richardson wrote:
> Toerless Eckert <t...@cs.fau.de> wrote:
> > As you point out, we can never be sure that rogue domains are not
> > simply accepting devices they do not own. But we can build secure
>
> Please explain how this works.
> A Registrar that accepts a device that has an audit-only MASA is not
> rogue. It's doing exactly the right thing.
You don't legally own such a pledge just because you claim it on a MASA,
but doing so could easily be interpreted to be at least theft of service.
> I think the problem is that some people think they are going to
> sell $100K BFRs with audit-only policies?
Bad Feeble Router ? ;-)
> > the MASA should do more than just logging for every device, for
> > example if the MASA supports both lightbulbs and core routers, it's
> > clear that the MASA policies could be different.
>
> And given the ability to embed different URLs in the IDevID certificate,
> I'd want to run two completely different MASA :-)
And Trust Anchors. Epecially when you want to ve free to sell off
individual product lines in a large company.
Cheers
Toerless
> > And this "sales" integration could be simply that the MASA requires
> > some simple identity for a domains registrar. E.g: verify some
> > domains email, credit-card number, ... something easily
> > automated and good enough to track back the bad guy with enough
> > likelihood.
>
> --
> ] Never tell me the odds! | ipv6 mesh networks
> [
> ] Michael Richardson, Sandelman Software Works | network architect
> [
> ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails
> [
>
>
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
