Henk Birkholz <[email protected]> wrote:
> If there is interest in this application of a source for freshness, we
> can certainly make that happen.
> And while we are at it: If ANIMA has any requirements on potential
> payloads of an epoch marker, please say so :-)

So while I know exactly what I want to do for initial onboarding within
BRSKI, which is very clearly background check, I'm unclear what to do for
*ACP* uses for continuous verification that the device hasn't gone bad.
The IoT case, particularly the Home IoT case, is similar, but different in
subtle ways. For instance, it's not crazy to *me* to do a soft reboot of
your lightbulbs once a day (without touching the hardware registers that
control the state of the bulb), in order to get a fresh measured boot value.
In addition to being good for attestation, it also gives one a "hitless" way
to do regular firmware updates without annoying anyone.
But, for routing equipment, I'm not so sure.
This is a place where I think that Eric Voit has a much better handle on how
we produce evidence that is fresh. Would you want to use the "hitless"
facilities which now seem ubiquitous from the major manufacturers?
(I first saw this from Brocade in 2010, but I never saw it actually work)
In either case, this is where the Epoch ID comes into play to me.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
