On 02/11/2016 03:52, Philip Homburg wrote: ... > Which brings me to the following: given that all code has security issues, > maybe devices should check for updates and just shutdown if they can't > verify that they are running the latest firmware?
That sounds absolutely dreadful for disaster recovery scenarios where the Internet is badly broken (after a hurricane, earthquake, etc.) and people need to restart essential systems (or they need to restart themselves). > So the device should have the vendor's long term TLS certicate. With possibly > an option for the user to disable this kind of security if the device is > not actually connected to the internet. No, during disaster recovery the last thing you need is for ordinary people to be faced with strange security alerts that they've never seen before. (It's rather like advising people to go into the BIOS to change an option while the fire alarm is ringing.) Things need to just work during disaster recovery. Brian _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet