To add to your text
Max Pritikin (pritikin) <[email protected]> wrote:
> Pulling from the YANG module description in s5.3 of RFC8366
> This leaf is "Optional since some serial-numbers are already unique
> within the scope of a MASA" because, within the scope of a manufacturer
> authorized signing authority that is truly provided by the manufacturer
> one could reasonably expect the serial number to be unique. I mean,
> what kind of manufacturer would sell multiple devices with the same
> serial number? They’d just be shooting themselves in the foot.
Yet, it happens!
I bought 50 USB ethernet adapters (for RFC8994 work) via ali-express.
They arrived with MAC addresses 00:00:00:00:00:00 to 00:00:00:00:00:32.
Took me a while to notice...
> So the use case here is for a MASA servicing devices that might
> plausibly have the same serial number; where "the statistically unique
> key identifier ensures statistically unique identification of the
> hardware". This could obviously occur if a manufacturer was, shudder,
> re-using serial numbers. It is more likely to occur when the MASA is a
> service authorized by the manufacturer that also handles multiple
> manufacturers.
To need idevid-issuer one needs to have two things occur:
1) different sets of devices (such as from different branches), which share
the same MASA Trust anchor.
(if they have different MASA trust anchors, then no problem)
2) have overlapping serial-numbers.
The most obvious situation is mergers. The MASAs get merged.
Another situation is different branches, where one branch deploys a MASA,
and the other branch, which has been doing IDevID for a while, realizes that
they can jump on board.
I guess that we need to make sure that we have some examples with
idevid-issuer so that we can test all code paths.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
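Added example, not part of the original message or of any MASA implementation: a check for the two conditions listed above (shared MASA trust anchor, overlapping serial-numbers) and a lookup that exercises the code paths with and without idevid-issuer. The inventory, the trust anchor names and the function names are constructed for illustration; the issuer value stands in for the Authority Key Identifier of the IDevID certificate, which is what RFC8366 puts in idevid-issuer.

```python
from collections import defaultdict

# Constructed inventory: (MASA trust anchor, IDevID issuer key identifier, serial-number).
# Two product lines ended up behind one MASA ("masa-merged"), e.g. after a merger.
DEVICES = [
    ("masa-merged", bytes.fromhex("a1a1a1a1"), "1001"),
    ("masa-merged", bytes.fromhex("a1a1a1a1"), "1002"),
    ("masa-merged", bytes.fromhex("b2b2b2b2"), "1002"),  # overlaps with the line above
    ("masa-other", bytes.fromhex("c3c3c3c3"), "1002"),   # different trust anchor: no clash
]


def build_index(devices):
    """Map (masa, serial) -> set of issuer key identifiers seen for that pair."""
    index = defaultdict(set)
    for masa, issuer, serial in devices:
        index[(masa, serial)].add(issuer)
    return index


def ambiguous_serials(devices):
    """(masa, serial) pairs that need idevid-issuer: same MASA, same serial, different issuers."""
    index = build_index(devices)
    return sorted(key for key, issuers in index.items() if len(issuers) > 1)


def resolve(devices, masa, serial, idevid_issuer=None):
    """Identify the device a voucher refers to, or raise if it cannot be told apart."""
    issuers = build_index(devices).get((masa, serial))
    if not issuers:
        raise LookupError("unknown serial-number for this MASA")
    if idevid_issuer is not None:
        # Path 1: the voucher carries idevid-issuer, so it must match exactly.
        if idevid_issuer not in issuers:
            raise LookupError("idevid-issuer matches no device with this serial-number")
        return (masa, idevid_issuer, serial)
    if len(issuers) > 1:
        # Path 2: idevid-issuer omitted but the serial-number alone is not unique.
        raise ValueError("serial-number is ambiguous; idevid-issuer required")
    # Path 3: idevid-issuer omitted and the serial-number is unique within this MASA.
    return (masa, next(iter(issuers)), serial)


if __name__ == "__main__":
    print("needs idevid-issuer:", ambiguous_serials(DEVICES))
    print(resolve(DEVICES, "masa-merged", "1002", bytes.fromhex("b2b2b2b2")))
```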
