On Mon, Dec 9, 2013 at 7:28 PM, Brian E Carpenter <[email protected]> wrote:
> On 10/12/2013 12:20, Stephen Farrell wrote:
> ...
> > It's not directly relevant to pervasive monitoring, but IMO the
> > worst security thing about tiny devices is the lack of s/w or
> > firmware update. Without that, we're basically screwed istm. And
> > we don't look like we're getting that, not even in proprietary
> > flavours. Or maybe I'm out of date on that? Would love to be.
>
> We're not screwed if (and only if) such devices can only communicate
> with the rest of the world via some larger box. That needs to
> include all forms of communication, of course, including near-field,
> to avoid walk-by snooping.
>
> Indeed I am not sure that's possible. At some point we'll need
> to start suspecting give-away pens of being surveillance devices
> distributed by the thousand.

We are already at that point with USB memory sticks. Quite a few have
ended up being corrupted with malware.

There is certainly a need here and it is significant. But I think the
answers are going to have to be regulation and audits and the like. What
we can do about this in the IETF is quite limited.

What we could do is to have some sort of device registration protocol
whereby the device gains access to the network by first proposing a
'contract' specifying all the ports and protocols it is going to speak.
The network infrastructure could then default-deny any access outside
that contract.

This would then reduce the audit task from observing the behavior of the
device to checking the facilities it asks for and seeing if they are
acceptable.

--
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
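
The 'contract' idea in the reply above, sketched as an added example that is not part of the original message and does not implement any existing protocol: the network audits what the device asks for, then default-denies every flow outside the accepted rules. The `Rule` type, the sample thermostat contract, and the site policy values are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    proto: str   # "tcp" or "udp"
    port: int    # destination port the device wants to use
    dest: str    # destination network in CIDR form

# Constructed contract a hypothetical thermostat proposes at registration.
CONTRACT = [
    Rule("udp", 123, "192.0.2.10/32"),     # time sync to one server
    Rule("tcp", 8883, "198.51.100.0/24"),  # telemetry to vendor range
    Rule("tcp", 23, "198.51.100.0/24"),    # remote shell (should be refused)
    Rule("tcp", 443, "0.0.0.0/0"),         # "anywhere" (should be refused)
]

# Assumed site policy: services never granted, and how broad a
# destination may be before the request is considered unauditable.
FORBIDDEN_SERVICES = {("tcp", 21), ("tcp", 23)}
MIN_PREFIXLEN = 16

def audit(contract):
    """Audit the requested facilities, not observed behaviour.

    Returns (accepted_rules, [(rejected_rule, reason), ...]).
    """
    accepted, rejected = [], []
    for rule in contract:
        if (rule.proto, rule.port) in FORBIDDEN_SERVICES:
            rejected.append((rule, "forbidden service"))
        elif ip_network(rule.dest).prefixlen < MIN_PREFIXLEN:
            rejected.append((rule, "destination too broad"))
        else:
            accepted.append(rule)
    return accepted, rejected

def allowed(accepted, proto, dst_ip, dst_port):
    """Default-deny: a flow passes only if an accepted rule covers it."""
    addr = ip_address(dst_ip)
    return any(
        r.proto == proto and r.port == dst_port and addr in ip_network(r.dest)
        for r in accepted
    )

if __name__ == "__main__":
    ok, bad = audit(CONTRACT)
    for rule, reason in bad:
        print("rejected:", rule, "-", reason)
    print("telemetry flow allowed:", allowed(ok, "tcp", "198.51.100.7", 8883))
    print("undeclared flow allowed:", allowed(ok, "tcp", "203.0.113.5", 443))
```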
