From d56c5b6218f268155ee72e01373b84e77af71237 Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Fri, 4 Oct 2024 12:21:47 -0400 Subject: [PATCH] some additional explanation of why bearer vouchers are out of scope --- draft-ietf-anima-rfc8366bis.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/draft-ietf-anima-rfc8366bis.md b/draft-ietf-anima-rfc8366bis.md index 090f87c..38727d0 100644 --- a/draft-ietf-anima-rfc8366bis.md +++ b/draft-ietf-anima-rfc8366bis.md @@ -310,7 +310,7 @@ Owner Audit | X | X | X | | X | X | |-- Owner ID | | X | X | X | X | | |-- -Bearer out-of-scope| X| | wildcard | wildcard | optional|opt| +Bearer voucher| X| | wildcard | wildcard | optional|opt| |== NOTE: All voucher types include a 'pledge ID serial-number' @@ -350,9 +350,13 @@ Bearer Voucher: wildcard. Because the registrar identity is not indicated, this voucher type must be treated as a secret and protected from exposure as any 'bearer' of the voucher can claim the pledge - device. Publishing a nonceless bearer voucher effectively turns the + device. This variation is included in the above description in order to clearly + how other voucher types differ. + This specification does not support bearer vouchers at this time. + There are other specifications in the industry which are equivalent though. + Publishing a nonceless bearer voucher effectively turns the specified pledge into a "TOFU" device with minimal mitigation - against MiTM registrars. Bearer vouchers are out of scope. + against MiTM registrars. Bearer vouchers are therefore out of scope. # Changes since RFC8366
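Review bot: In the first hunk (the table row at line 310), renaming the row from "Bearer out-of-scope" to "Bearer voucher" drops the only signal in the table that this type is not supported by the specification; since the prose a few lines later still says "Bearer vouchers are therefore out of scope", consider keeping a marker on the row (for example "Bearer voucher (out of scope)") or adding a short note under the existing "NOTE: All voucher types include a 'pledge ID serial-number'" line so a reader of the table alone is not misled. The row's cell spacing ("| X| |") also differs from the surrounding rows ("| X | X |"); aligning it would keep the table rendering consistent.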
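Review bot: In the second hunk (the "Bearer Voucher" paragraph at line 350), the added sentence "This variation is included in the above description in order to clearly how other voucher types differ." is missing a verb after "clearly"; suggest "in order to show clearly how other voucher types differ." The added sentence "There are other specifications in the industry which are equivalent though." makes a claim with no reference to any such specification, so it cannot be checked by a reader; either cite the documents meant or drop the sentence, since "This specification does not support bearer vouchers at this time." and the final "Bearer vouchers are therefore out of scope." already carry the point. Also note that "therefore" now follows the TOFU/MiTM sentence, so the out-of-scope statement reads as a consequence of that security argument rather than of the "not supported at this time" sentence; if both reasons are intended, the ordering could be tightened so the argument flows in one direction.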