mcr
commented
1 year ago Wontfix to be confirmed by group. @dthaler @henkbirkholz @William-PanWei
Open mcr opened 1 year ago
mcr
commented
1 year ago Wontfix to be confirmed by group. @dthaler @henkbirkholz @William-PanWei
dthaler
commented
1 year ago I agree with wontfix but this example came from someone else who may feel more strongly.
henkbirkholz
commented
1 year ago removing the chassis example would be an issue to various contributors, I think. In principle that would not stop us to add a mobile phone example. Are these issues coupled?
ericvoit
commented
1 year ago I really like the Chassis example. It is a real concern for routers as someone can open the backplane and intercept/snoop/etc. intra-device communications.
mcr
commented
1 year ago The suggestion about replacing the chassis example was not well taken to me. I did not see any support for it, and my impression is that the AD did not agree with the reviewer comments.
While it is true that the chassis backplane might be proprietary, and one might think that it's not needing standardization, because the (signed) Evidence is actually being collected and transmitted off-machine to a Verifier, we do need standardization.
And your point that the chassis can be a significant point of attack, particularly if such an attack allows the owner to violate the system licenses.
As per discussion at: https://mailarchive.ietf.org/arch/msg/rats/REAexJRlAPnRCofS--8r8Zhcxgo/ consider replacing the chassis example with an a mobile example.