On Wed, Oct 12, 2016 at 4:46 PM, Martin Thomson <m...@mozilla.com> wrote:
> On Thu, Oct 13, 2016 at 6:21 AM, Benjamin Francis <bfran...@mozilla.com> 
> wrote:
>> Much more compelling is the member submission from EVRYTHNG which also forms
>> the basis of the book, Building the Web of Things.
> Yes, that is a much clearer articulation of a vision.  It starts going
> off the rails in a few places as it gets into specifics (MUST support
> all the basic HTTP verbs, WTF), but it is *much* more concrete.  I
> still don't know how to bridge the gap completely, particularly when
> it comes to things like identification and - dare I say it -
> discovery, but you can see a potential way forward at least.

Off the rails in a few places is being generous I think, but it's not
worth picking it apart with more specifics.

The one thing I will point out is the only mentions of "security" in
that member submission is some hand-waving about "just use HTTPS" and
then "may use other mechanisms" (paraphrasings).

Security is the number one problem for anything "ot" (iot, wot,
wotever), not just to the devices themselves, but frankly, to the web
and internet as a whole due to their potential deployment in numbers
that dwarf the number of existing devices. To not have that addressed
front and center IMO means they don't know what they're doing.

If you haven't been keeping up with KrebsOnSecurity in the past month,
I'll just reference these two for why:


This entire industry area is fraught, and borderline being
irresponsibly developed, marketed, and deployed.

If you find anyone who claims to be successfully developing and
deploying secure IoT/WoT "devices" or "solutions", I'll leave you with
this (so far unanswered AFAIK) challenge:

All that being said, I think we should non-formally object to the
Proposed W3C Charter: Web of Things Working Group with reasons of:
* insufficient incubation of security aspects
* overall risk (greatly increased vulnerability) to the web/internet as a whole
being the reasons (with above citations).

dev-platform mailing list

Reply via email to