You're right, I got this confused with another thread. Lee
On 11/4/16, 11:29 AM, "JORDI PALET MARTINEZ" <[email protected]> wrote: >I think we are talking about different issues here, the point is security >requirement to avoid the CPEs to be easily “controlled” for attacks … > >Regards, >Jordi > > >-----Mensaje original----- >De: homenet <[email protected]> en nombre de "Howard, Lee L" ><[email protected]> >Responder a: <[email protected]> >Fecha: viernes, 4 de noviembre de 2016, 15:42 >Para: JORDI PALET MARTINEZ <[email protected]>, Tim Chown ><[email protected]>, "[email protected]" <[email protected]> >CC: "[email protected]" <[email protected]>, Keith Moore ><[email protected]>, "[email protected]" <[email protected]> >Asunto: Re: [homenet] write up of time without clocks > > > > > > > On 11/4/16, 8:11 AM, "homenet on behalf of JORDI PALET MARTINEZ" > <[email protected] on behalf of [email protected]> wrote: > > >I guess the problem is that this document is NOT targeted to CPEs: > > > > In principle these requirements apply to all hosts that connect to > > the Internet, but this list of requirements is specifically > > targeted at devices that are constrained in their capabilities, > > more than general-purpose programmable hosts (PCs, servers, > > laptops, tablets, etc.), routers, middleboxes, etc. While this is > > a fuzzy boundary, it reflects the current understanding of IoT. A > > more detailed treatment of some of the constraints of IoT devices > > can be found in [RFC7228]. > > > >Not sure if we want a separate document, as it seems to me that the > requirements are very close or we may need to reword a bit the text above to > make it more clear, etc. > > We already have a separate document: https://tools.ietf.org/html/rfc7084 > "IPv6 CE Router Requirements" > > It says CPE router SHOULD support 6rd and SHOULD support DS-Lite. > > > Lee > > > > > >Also is BCP the way if we want authorities to mandate it? > > > >Saludos, > >Jordi > > > > > >-----Mensaje original----- > >De: homenet <[email protected]> en nombre de Tim Chown > <[email protected]> > >Responder a: <[email protected]> > >Fecha: viernes, 4 de noviembre de 2016, 12:43 > >Para: "[email protected]" <[email protected]> > >CC: "[email protected]" <[email protected]>, Keith Moore > <[email protected]>, "[email protected]" <[email protected]> > >Asunto: Re: [homenet] write up of time without clocks > > > > > > > > > > Hi, > > > > > > On 4 Nov 2016, at 08:34, JORDI PALET MARTINEZ > <[email protected]> wrote: > > > > Exactly. Same as we have regulations like UL, FCC, EC, etc., the same > certifications must care about a minimum set of security, upgradeability, > etc., features. > > > > So the extra cost for the vendors is almost cero if we are talking > about the same certifications entities, just new test added to the actual > sets. > > > > If you don’t comply the certification, your products will not be > accepted in customs from a very high number of countries, so you will be > somehow forced to follow them. > > > > The question here, is homenet the right venue for creating those > minimum requirements? > > > > > > > > > > > > > > Perhaps contribute to draft-moore-iot-security-bcp-00? > > > > > > See https://tools.ietf.org/html/draft-moore-iot-security-bcp-00 > > > > > > This was submitted at the Seoul deadline. Authors copied. > > > > > > Tim > > > > > > > > Regards, > > Jordi > > > > > > -----Mensaje original----- > > De: homenet <[email protected]> en nombre de "STARK, BARBARA > H" <[email protected]> > > Responder a: <[email protected]> > > Fecha: jueves, 3 de noviembre de 2016, 21:19 > > Para: Markus Stenberg <[email protected]>, Brian E Carpenter > <[email protected]> > > CC: Philip Homburg <[email protected]>, "[email protected]" > <[email protected]>, Juliusz Chroboczek > > <[email protected]> > > Asunto: Re: [homenet] write up of time without clocks > > > > > > Yes, I agree it's possible to do better, but what's the incentive for > > a bottom-feeding vendor of cheap devices to bother? > > > > > > > > I hate to say this, but how about legal solutions? > > > > > > > > My reading of the tea leaves: either the industry creates its own > certification plan, or the regulators will do it for us. > > Here is a data point: > > > https://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/ > > In the US, both the FCC and FTC are showing keen interest. > > I'd rather the industry get there first. > > And, BTW, it's also been suggested that devices list their "end of > life" date when they're sold. After which no updates may be provided. And > remotely-triggered "kill switch" may be used if a bad vulnerability is > discovered after that date. > > > > Another recommendation is default passwords be unique per device, > and not easily determined from MAC address, firmware revision, etc., and be > changeable. > > > > That is, it's not just about upgradability. It is also passwords, > encryption, and messaging/promises/guarantees that are made. > > Just like cars now have seatbelts, front and side airbags, crumple > zones, and lemon laws. > > There are a number of industry whitepapers coming out on this > topic, and conferences/meetings being held. It's all the rage right now. > > > > > > Barbara > > _______________________________________________ > > homenet mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/homenet > > > > > > > > > > > > ********************************************** > > IPv4 is over > > Are you ready for the new Internet ? > > http://www.consulintel.es > > The IPv6 Company > > > > This electronic message contains information which may be privileged > or confidential. The information is intended to be for the use of the > individual(s) named above. If you are not the intended recipient be aware > that any disclosure, copying, distribution or > > use of the contents of this information, including attached files, > is prohibited. > > > > > > > > _______________________________________________ > > homenet mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/homenet > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > homenet mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/homenet > > > > > > > > > >********************************************** > >IPv4 is over > >Are you ready for the new Internet ? > >http://www.consulintel.es > >The IPv6 Company > > > >This electronic message contains information which may be privileged or > confidential. The information is intended to be for the use of the > individual(s) named above. If you are not the intended recipient be aware > that any disclosure, copying, distribution or use of the contents of this > information, including attached files, is prohibited. > > > > > > > >_______________________________________________ > >homenet mailing list > >[email protected] > >https://www.ietf.org/mailman/listinfo/homenet > _______________________________________________ > homenet mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/homenet > > > > >********************************************** >IPv4 is over >Are you ready for the new Internet ? >http://www.consulintel.es >The IPv6 Company > >This electronic message contains information which may be privileged or >confidential. The information is intended to be for the use of the >individual(s) named above. If you are not the intended recipient be aware that >any disclosure, copying, distribution or use of the contents of this >information, including attached files, is prohibited. > > > _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
