On Tue, Jul 17, 2018 at 12:49:35AM -0400, Michael Richardson wrote:
> Toerless Eckert <t...@cs.fau.de> wrote:
> > As you point out, we can never be sure that rogue domains are not
> > simply accepting devices they do not own. But we can build secure
>
> Please explain how this works.
> A Registrar that accepts a device that has an audit-only MASA is not
> rogue. It's doing exactly the right thing.

You don't legally own such a pledge just because you claim it on a MASA,
but doing so could easily be interpreted to be at least theft of service.

> I think the problem is that some people think they are going to
> sell $100K BFRs with audit-only policies?

Bad Feeble Router ? ;-)

> > the MASA should do more than just logging for every device, for
> > example if the MASA supports both lightbulbs and core routers, it's
> > clear that the MASA policies could be different.
>
> And given the ability to embed different URLs in the IDevID certificate,
> I'd want to run two completely different MASA :-)

And Trust Anchors. Especially when you want to be free to sell off
individual product lines in a large company.

Cheers
    Toerless

> > And this "sales" integration could be simply that the MASA requires
> > some simple identity for a domains registrar. E.g: verify some
> > domains email, credit-card number, ... something easily
> > automated and good enough to track back the bad guy with enough
> > likelihood.
>
> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | network architect [
> ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
>

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima