Kathleen Moriarty has entered the following ballot position for draft-ietf-opsawg-coman-use-cases-04: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: http://datatracker.ietf.org/doc/draft-ietf-opsawg-coman-use-cases/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thanks for your work on this draft, I just have some security stuff I'd like to discuss that should be easy to resolve as some text is provided. In section 4.5, it is critical to also include a statement on security in addition to privacy. Medical devices with network attachments could be used to kill someone. http://abcnews.go.com/Health/dick-cheneys-fear-heart-device-hacks-justified-experts/story?id=20633284 Suggest changing this text from: In both cases, however, it is crucial to protect the privacy of the people to which medical devices are attached. Even though the data collected by a heart beat monitor might be protected, the pure fact that someone carries such a device may need protection. As such, certain medical appliances may not want to participate in discovery and self-configuration protocols in order to remain invisible. To: In both cases, however, it is crucial to protect the safety and privacy of the people to which medical devices are attached. Security precautions to protect access (authentication, encryption, integrity protections, etc.) to such devices may be critical to protecting the safety of the individual. Even though the data collected by a heart beat monitor might be protected, the pure fact that someone carries such a device may need protection. As such, certain medical appliances may not want to participate in discovery and self-configuration protocols in order to remain invisible. General statement: Many of the other use case scenarios also have safety as a concern, requiring security protections (Confidentiality, Integrity, Availability). Sensors used to control environmental settings is another example where air regulation might include detection of harmful things in the air (carbon monoxide). I'm sure there are other safety concerns that motivate security protections in each of the use cases, it's not just privacy (which is important). What if a sensor was tampered with to report or not report something detected? That's not covered in the discussion on availability related problems in 4.6, but does represent another set of security considerations that could lead to safety issues. More text on access control considerations for NMS may help. _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
