Goals
The Misbehavior Authority (MA) is an intrinsically central SCMS component that performs multiple functions to manage risk in the SCMS like receiving misbehavior reports from EEs, investigating potential misbehavior, and blacklisting or revoking components. As a central component, there will only be one MA instance.
The figure shows that the MA receives requests from one or more RAs and it sends out requests to PCAs, pairs of LAs, and the CRLG.
EEs must encrypt misbehavior reports to be sent to the MA. Therefore, all EEs will need the current MA certificate, which they obtain during enrollment from the DCM or during operation from their assigned RA.
Procedure
Components that communicate with an added MA must be properly configured.
End States
After completing this use case, the MA will be configured with the following values:
| MA Value | Notes |
|---|---|
| List of RA TLS certificates | The MA must maintain a list of TLS certificates for all RA's that will forward misbehavior reports on behalf of EEs. |
| List of PCA FQDN and TLS certificates | The MA must maintain a list of all PCA network addresses and TLS certificates. |
| List of LA FQDN and TLS certificates | The MA must maintain a list of all LA's and their TLS certificates. |
| CRLG FQDN and TLS certificate | The MA must be able to send revocation requests to the CRLG. |
After completing this use case, RAs will be configured with the following values:
| RA Value | Notes |
|---|---|
| MA FQDN and TLS certificate | Each RA must be able to establish a secure connection to the MA. |
| MA's SCMS certificate | Each RA must provide MA's certificate to its EEs. |
After completing this use case, DCMs will be configured with the following values:
| DCM Value | Notes |
|---|---|
| MA's SCMS certificate | Each DCM must provide the current MA's certificate to EEs during enrollment. |
All RAs, PCAs, LAs, and the CRLG will need a copy of the new MA's TLS certificate so that they can establish secure communication. These components can learn the MA's SCMS certificate by validating any signed message from the MA and chaining it up to the SCMS root certificate (which they already have).
Attachments:
Add_MA (application/drawio)
add_MA_diagram (application/drawio)
add_MA_diagram.png (image/png)
add_MA_diagram.png (image/png)
add_MA_diagram (application/drawio)