Not saying otherwise. But we're talking about a threat model, not what the doc says.
On 7/26/16 6:28 PM, Somaraju Abhinav wrote: > Hi Eliot, > If you read the document, we introduce a scope in the AT-KDC and AT-R > token which specifies what resources are accessible via the knowledge > of the group key. The architecture ensures that the group key can only > be used for authorized resources. This allows us to only use the group > key to control light intensity resource and nothing else. Even on the > luminaire, the group key cannot be used to access other information > such as commissioning data. > > Abhinav > > > Sent from my Windows Phone > ------------------------------------------------------------------------ > From: Eliot Lear <mailto:[email protected]> > Sent: 26/07/2016 17:59 > To: Kathleen Moriarty <mailto:[email protected]>; > Kumar, Sandeep <mailto:[email protected]> > Cc: Somaraju Abhinav <mailto:[email protected]>; > [email protected] <mailto:[email protected]>; Rene Struik > <mailto:[email protected]>; Michael StJohns > <mailto:[email protected]>; Stephen Farrell > <mailto:[email protected]> > Subject: Re: [Ace] Adoption of Low Latency Group Communication > Security Work in ACE > > Hi Kathleen, > > > On 7/26/16 4:52 PM, Kathleen Moriarty wrote: >> What is the bigger threat model? >> >> Lights turning on/off in large buildings could result in increased >> energy costs. >> Lights turning on/off could result in safety issues (they could be >> extreme). > > It's also a matter of changing colors, misappropriation of sensors, > and perhaps more important: expropriation of the lighting systems to > attack other systems. Thus the concern over transitory trust, > especially should these systems have multiple functions. > > Eliot > > ________________________________________________________ The contents > of this e-mail and any attachments are confidential to the intended > recipient. They may not be disclosed to or used by or copied in any > way by anyone other than the intended recipient. If this e-mail is > received in error, please immediately notify the sender and delete the > e-mail and attached documents. Please note that neither the sender nor > the sender's company accept any responsibility for viruses and it is > your responsibility to scan or otherwise check this e-mail and any > attachments.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
