On Wed, Oct 12, 2016 at 4:46 PM, Martin Thomson <m...@mozilla.com> wrote:
> On Thu, Oct 13, 2016 at 6:21 AM, Benjamin Francis <bfran...@mozilla.com> 
> wrote:
>> Much more compelling is the member submission from EVRYTHNG which also forms
>> the basis of the book, Building the Web of Things.
>
> Yes, that is a much clearer articulation of a vision.  It starts going
> off the rails in a few places as it gets into specifics (MUST support
> all the basic HTTP verbs, WTF), but it is *much* more concrete.  I
> still don't know how to bridge the gap completely, particularly when
> it comes to things like identification and - dare I say it -
> discovery, but you can see a potential way forward at least.

Off the rails in a few places is being generous I think, but it's not
worth picking it apart with more specifics.

The one thing I will point out is the only mentions of "security" in
that member submission are some hand-waving about "just use HTTPS" and
then "may use other mechanisms" (paraphrasings).


Security is the number one problem for anything "ot" (iot, wot,
wotever), not just to the devices themselves, but frankly, to the web
and internet as a whole due to their potential deployment in numbers
that dwarf the number of existing devices. To not have that addressed
front and center IMO means they don't know what they're doing.


If you haven't been keeping up with KrebsOnSecurity in the past month,
I'll just reference these two for why:

https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/


This entire industry area is fraught, and borderline being
irresponsibly developed, marketed, and deployed.

If you find anyone who claims to be successfully developing and
deploying secure IoT/WoT "devices" or "solutions", I'll leave you with
this (so far unanswered AFAIK) challenge:
http://tantek.com/2015/252/t1/wot-iot-security-expert-post-ip-appliances


All that being said, I think we should non-formally object to the
Proposed W3C Charter: Web of Things Working Group with reasons of:
* insufficient incubation of security aspects
* overall risk (greatly increased vulnerability) to the web/internet as a whole
being the reasons (with above citations).


Tantek
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
