some additional explanation of why bearer vouchers are out of scope

anima-wg · Oct 4, 2024 · d56c5b6 · d56c5b6
1 parent a52f705
commit d56c5b6
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/draft-ietf-anima-rfc8366bis.md b/draft-ietf-anima-rfc8366bis.md
@@ -310,7 +310,7 @@ Owner Audit  |  X   |   X     | X          |               | X   | X     |
 |--
 Owner ID     |      |   X     | X          |  X            | X   |       |
 |--
-Bearer out-of-scope| X|       |   wildcard | wildcard      | optional|opt|
+Bearer voucher| X|       |   wildcard | wildcard      | optional|opt|
 |==
 
 NOTE: All voucher types include a 'pledge ID serial-number'
@@ -350,9 +350,13 @@ Bearer Voucher:
   wildcard. Because the registrar identity is not indicated, this
   voucher type must be treated as a secret and protected from exposure
   as any 'bearer' of the voucher can claim the pledge
-  device. Publishing a nonceless bearer voucher effectively turns the
+  device.  This variation is included in the above description in order to clearly
+  how other voucher types differ.
+  This specification does not support bearer vouchers at this time.
+  There are other specifications in the industry which are equivalent though.
+  Publishing a nonceless bearer voucher effectively turns the
   specified pledge into a "TOFU" device with minimal mitigation
-  against MiTM registrars. Bearer vouchers are out of scope.
+  against MiTM registrars. Bearer vouchers are therefore out of scope.
 
 # Changes since RFC8366