I have been doing a lot of work on DNS Handles and have come to the surprising conclusion that a handle is not the same as an address.
The concept of the DNS is that it is an infrastructure that resolves names to services or hosts. The DNS name is the persistent identifier. Handles subvert this: the DNS name is merely an aide-mémoire for a public key. Once the name has been traded in for the public key, we don't need the name any more; the key is authoritative. This may sound pedantic, because it is. But that is kind of what standards are all about.

What this means in practice is a somewhat different approach to how DANE/DANCE credentials might be used in an IoT environment. Let us say @alice.example.com authorizes @bob.example.com to program her thermostat while he is a house guest. This means the thermostat gets a message 'add @bob.example.com to the list of authorized users', and that is the point at which the thermostat fetches the TLSA record to get Bob's private root of trust. The Bob that is added is the Bob whose root was advertised at the moment the authorization was issued. The device doesn't care about subsequent changes of control of the handle.

This approach solves the problem of offline access to the device: it doesn't matter if the thermostat has lost connection to the external network, it is the private root that counts. Alternatively, the authorization might be mediated by some local trust service, in which case the translation happens when Bob is added into the local trust service.

Crossposting to DANE because the same consideration would apply to server certificates in an IoT device-to-device scenario.
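As an added illustration (not code from the post), a Go sketch of the thermostat scenario: the handle is resolved to a key exactly once, at authorization time, and every later check runs offline against the pinned key, so a subsequent change of control of the handle does not change who the device trusts. The TLSA lookup is replaced by a constructed in-memory resolver and the signature scheme is Ed25519; both are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Resolver stands in for fetching a handle's TLSA record (constructed; a real record has usage/selector/matching fields).
type Resolver func(handle string) (ed25519.PublicKey, error)

// StaticResolver is the constructed DNS: handle -> key its TLSA record advertises right now.
func StaticResolver(records map[string]ed25519.PublicKey) Resolver {
	return func(handle string) (ed25519.PublicKey, error) {
		if key, ok := records[handle]; ok {
			return key, nil
		}
		return nil, errors.New("no TLSA record for " + handle)
	}
}

// Thermostat pins the key advertised when authorization was issued; the handle is only a label.
type Thermostat struct{ authorized map[string]ed25519.PublicKey }

// Authorize is the only step that touches the DNS: trade the handle for the key and pin it.
func (t *Thermostat) Authorize(handle string, resolve Resolver) error {
	key, err := resolve(handle)
	if err != nil {
		return fmt.Errorf("authorize %s: %w", handle, err)
	}
	if t.authorized == nil {
		t.authorized = map[string]ed25519.PublicKey{}
	}
	t.authorized[handle] = key
	return nil
}

// Accept verifies a signed command offline against the pinned key; the DNS is never consulted again.
func (t *Thermostat) Accept(handle string, cmd, sig []byte) bool {
	key, ok := t.authorized[handle]
	return ok && ed25519.Verify(key, cmd, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	th := &Thermostat{}
	_ = th.Authorize("@bob.example.com", StaticResolver(map[string]ed25519.PublicKey{"@bob.example.com": pub}))
	cmd := []byte("set 21C")
	fmt.Println(th.Accept("@bob.example.com", cmd, ed25519.Sign(priv, cmd))) // true
}
```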
_______________________________________________ dane mailing list -- [email protected] To unsubscribe send an email to [email protected]
