siethower
commented
2 years ago Some modifications:
Nonceless voucher may be part of the sales channel integration. The registrar-agent may submit a nonceless voucher directly to the pledge and only trigger the PER. This approach would not require online MASA.
Proposal: A nonceless voucher may be accepted as in BRSKI, may be allowed by a manufactures pledge implementation. It requires to perform the validation that the pledge is connected to an authorized registrar-agent by other means, as the registrar would be able to verify it using the agent-signed-data in the PER.
stfries
(based on feedback from Esko)
Nonceless voucher may be part of the sales channel integration. The registrar-agent can submit the voucher response directly to the pledge and only trigger the pledge-enrollment-request. This approach would avoid an online MASA.
Proposal: A nonceless voucher may be accepted, if no pledge-voucher-request was generated (pledge has to keep state). This approach may be allowed by a vendor. It requires to perform the validation that the pledge is connected to an authorized registrar-agent by other means, as the registrar would be able to verify it using the agent-signed-data in the pledge-voucher-request.