On 02/11/2016 03:52, Philip Homburg wrote:
...
> Which brings me to the following: given that all code has security issues,
> maybe devices should check for updates and just shutdown if they can't
> verify that they are running the latest firmware?
That sounds absolutely dreadful for disaster recovery scenarios where
the Internet is badly broken (after a hurricane, earthquake, etc.)
and people need to restart essential systems (or they need to restart
themselves).
> So the device should have the vendor's long term TLS certicate. With possibly
> an option for the user to disable this kind of security if the device is
> not actually connected to the internet.
No, during disaster recovery the last thing you need is for ordinary people
to be faced with strange security alerts that they've never seen before.
(It's rather like advising people to go into the BIOS to change an option
while the fire alarm is ringing.)
Things need to just work during disaster recovery.
Brian
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
