Hi Michael!

Apologies for the tardy reply.

> -----Original Message-----
> From: Michael Richardson <mcr+i...@sandelman.ca>
> Sent: Sunday, March 10, 2024 4:24 PM
> To: Roman Danyliw <r...@cert.org>
> Cc: The IESG <i...@ietf.org>; opsawg@ietf.org; opsawg-cha...@ietf.org;
> m...@ietf.org; draft-ietf-opsawg-mud-iot-dns-considerati...@ietf.org
> Subject: Re: [Mud] [OPSAWG] Roman Danyliw's Discuss on draft-ietf-opsawg-mud-iot-dns-considerations-12: (with DISCUSS and COMMENT)
> 
> 
> Roman Danyliw via Datatracker <nore...@ietf.org> wrote:
>     > ----------------------------------------------------------------------
>     > DISCUSS:
>     > ----------------------------------------------------------------------
> 
>     > ** Section 7.
>     > The use of a publicly specified firmware update protocol would also
>     > enhance privacy of IoT devices.  In such a system, the IoT device
>     > would never contact the manufacturer for version information or for
>     > firmware itself.
> 
>     > Why does the use of a “publicly specified firmware update protocol” necessarily
>     > enhance privacy?  Do all such protocols have the properties described in the
>     > second sentence?
> 
> answering this directly now.
> I don't know, because, we, the IETF, have yet to specify one :-) (This is a
> topic I want to bring to SUIT when it recharters) I am making an assumption
> here about how such a protocol would work.

This is the source of my confusion and why I am holding a DISCUSS.  I'm 
challenged by the assertion of privacy properties for something that isn't 
being cited (i.e., a tangible instance of an update protocol) or that can be 
validated as accurate.  Why does the draft need to make privacy claims about a 
hypothetical protocol?   Furthermore, it isn't clear in what way this guidance 
is actionable since it is hypothetical.

> I have added this paragraph after the one you cite:
> 
> } While a vendor proprietary scheme to distribute firmware updates would
> } satisfy some of these criteria, operators/Enterprises are less likely to
> } install one of these for every single device.
> } Home (residential) users are unlikely to install any system that did not
> } provide service to all their devices, so only a system that was
> } non-proprietary is likely to be present.

I'm unfamiliar with the hypothetical residential user or residential home 
network being described here.  I would assert without evidence that "most 
residential users" don't install any firmware update system intentionally, 
proprietary or open.  Firmware updates are handled by whatever protocols or 
practices the IoT devices happen to have built in to them.  The closest might 
be the deployment of a router or an IoT hub of some kind.  I am unaware of 
these classes of devices competing on the strength, ease, comprehensiveness or 
transparency of their update features.

> I also don't know of other such protocols; perhaps the latest MATTER spec
> includes one.  OPC UA does not (AFAIK) specify one yet.
> 
> While there could be many privately specified firmware update protocols, and
> maybe every single LG home appliance (for instance) uses the same one, using
> such a privately specified protocol would tell everyone you have LG appliances.
> 
> If every single device that you have has to reach out to the vendor, on their
> own, then an observer learns not just which kind of devices one has, how many
> of them there are, and even possibly what their usage pattern is.
> Consider a hospital with hundreds of diffusion pumps: assume that they do not
> perform firmware updates while in use (unlike, it seems Tesla cars).
> Then, the moment they are put back in the closet, they look for updates online.
> Thus the observer knows when they are returned to the closet.
> If this Enterprise had multiple locations, and the locations did Internet
> directly (via running everything through HQ via site-to-site VPN), then the
> observer gets to see the distribution of devices to locations too.
> 
> I assume that Samsung and GE are unlikely to use LG's protocol, and that each
> would have their own protocol, and as a result, it's unlikely that anyone will
> deploy servers to accommodate all of these.  Particularly, nobody is going to
> deploy a non-publicly specified protocol in the home.

As noted above, home users have already deployed "non-publicly specified 
protocols" in their homes as part of whatever update mechanism the IoT already 
has.

Roman
_______________________________________________
OPSAWG mailing list -- opsawg@ietf.org
To unsubscribe send an email to opsawg-le...@ietf.org