Ø  But I don't think we can tell endpoints that they are on their own unless 
they get the right hardware or they comply with the ACE-OAuth model, or DOXS.

[This is probably an issue unrelated to EST topic but worthwhile to talk about 

How do you expect companies to come up with reasonable IoT security?

Our (Arm) thinking was that working on building blocks that are then combined 
in complete IoT device management solutions (like LwM2M) and supplemented with 
security guidance that includes the implementation (software & hardware), as we 
do it with the Platform Security Architecture (see 
 is the only way to improve IoT security. If you just dump ideas and protocols 
with lots of options to OEMs and let them figure out the security story 
themselves then guess what the outcome will be.


IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.
Ace mailing list

Reply via email to