On 12/9/13 7:43 PM, Phillip Hallam-Baker wrote:
> What we can do about this in the IETF is quite limited. What we
> could do is to have some sort of device registration protocol
> whereby the device gains access to the network by first proposing a
> 'contract' specifying all the ports and protocols it is going to
> speak. The network infrastructure could then default-deny any
> access outside that contract.
>
> This would then reduce the audit task from observing the behavior
> of the device to checking the facilities it asks for and seeing if
> they are acceptable.

I have been thinking similarly... sort of a standards-supported network
monitor for the internet of things: from p. 4 of
https://www.cdt.org/files/pdfs/CDT-Internet-of-Things-Comments.pdf:

"There may be technological solutions to these barrier-crossing issues
that consumers can configure to control the amount and nature of data
transmitted by IoT-capable sensors and devices in sensitive locations.
For example, it may be possible to design “middleware” networking
equipment that a member of the household or business could configure to
selectively allow or disallow networked objects from communicating
outside of the household network. Ideally, such a privacy appliance
could easily identify data emitted by IoT-capable products in the home
network, but that relies on manufacturers inserting the right tags into
their network communication that such an appliance could read. This
would probably require significant standards work and manufacturer
buy-in (or a legislative or regulatory mandate) to support this kind of
functionality. Another option may be to design a standard element to
the networkable components of IoT objects — say a pull-off tab or
shielding element — that consumers can activate in order to toggle or
disable networking functionality.

Given that certain activities and areas in one’s home are particularly
sensitive towards arbitrary data collection — bedrooms, bathrooms,
children’s areas — there may be a level of tracking and data usage that
above which is simply not appropriate for those products or that
industry commits to making connected and disconnected versions."

Would love to know if there is work (standards, research, whatever) in
this area I should be aware of.

best, Joe

--
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
[email protected]
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
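The registration "contract" with default-deny enforcement that Hallam-Baker sketches, and the household "privacy appliance" from the CDT comments that selectively allows or disallows objects from talking outside the home network, can both be shown with a small policy model: a device declares the flows it intends to use, the network compiles that declaration into an allowlist with default drops, and the audit task shrinks to checking observed traffic against the declaration. The Python below is an added example, not code from the thread, from the IETF or from CDT. The contract line format, the rule and flow records, the device name, the addresses (documentation ranges and private LAN space) and the sample flows are all constructed for illustration; the rendered rule lines only follow the general shape of nftables syntax and are not meant to be loaded as-is. (The same idea was later standardized as the Manufacturer Usage Description, RFC 8520, which uses a YANG/JSON model rather than the toy format here.)

```python
"""Device 'contract' registration with default-deny enforcement and auditing.

A device proposes the flows it intends to use; the network compiles that
into a default-deny allowlist and checks observed traffic against it.
The contract line format, the records and all sample values are
constructed for this example and are not an IETF or MUD format.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class ContractRule:
    proto: str        # "tcp" or "udp"
    port: int         # remote port for "out", local listening port for "in"
    direction: str    # "out": device initiates; "in": device accepts
    remote: str       # CIDR of peers this rule covers ("0.0.0.0/0" = anywhere)


@dataclass(frozen=True)
class Flow:
    device: str
    proto: str
    remote_ip: str
    port: int         # same meaning as ContractRule.port
    direction: str


def parse_contract(text: str) -> list[ContractRule]:
    """Parse lines of the form 'proto port direction [cidr]'; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) not in (3, 4):
            raise ValueError(f"malformed contract line: {raw!r}")
        proto, direction = parts[0].lower(), parts[2].lower()
        port = int(parts[1])
        if proto not in ("tcp", "udp") or direction not in ("in", "out"):
            raise ValueError(f"unsupported proto/direction: {raw!r}")
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {raw!r}")
        remote = parts[3] if len(parts) == 4 else "0.0.0.0/0"
        ip_network(remote)  # rejects malformed CIDRs at registration time
        rules.append(ContractRule(proto, port, direction, remote))
    return rules


def flow_permitted(rules: list[ContractRule], flow: Flow) -> bool:
    """Default deny: a flow is allowed only if some contract rule matches it exactly."""
    peer = ip_address(flow.remote_ip)
    return any(
        r.proto == flow.proto
        and r.port == flow.port
        and r.direction == flow.direction
        and peer in ip_network(r.remote)
        for r in rules
    )


def audit(rules: list[ContractRule], flows: list[Flow]) -> list[Flow]:
    """The reduced audit task: report only traffic outside the declared contract."""
    return [f for f in flows if not flow_permitted(rules, f)]


def render_allowlist(device_ip: str, rules: list[ContractRule]) -> list[str]:
    """Render the contract as nftables-style rule lines ending in default drops."""
    lines = []
    for r in rules:
        if r.direction == "out":
            lines.append(f"ip saddr {device_ip} ip daddr {r.remote} {r.proto} dport {r.port} accept")
        else:
            lines.append(f"ip saddr {r.remote} ip daddr {device_ip} {r.proto} dport {r.port} accept")
    lines.append(f"ip saddr {device_ip} drop")
    lines.append(f"ip daddr {device_ip} drop")
    return lines


# Constructed sample: a thermostat that should only resolve names via the
# home router, reach its vendor's cloud (documentation range 203.0.113.0/24)
# over HTTPS, and accept local control from the household LAN.
SAMPLE_CONTRACT = """
udp 53   out 192.168.1.1/32     # DNS to the home router only
tcp 443  out 203.0.113.0/24     # vendor cloud API
tcp 8080 in  192.168.0.0/16     # local control app, LAN only
"""

# Constructed observed flows; the last two fall outside the contract.
SAMPLE_FLOWS = [
    Flow("thermostat", "udp", "192.168.1.1", 53, "out"),
    Flow("thermostat", "tcp", "203.0.113.10", 443, "out"),
    Flow("thermostat", "tcp", "192.168.1.20", 8080, "in"),
    Flow("thermostat", "tcp", "198.51.100.7", 23, "out"),   # unknown host, undeclared port
    Flow("thermostat", "tcp", "203.0.113.10", 443, "in"),   # declared peer, wrong direction
]


def run_demo() -> list[Flow]:
    """Compile the sample contract, print the allowlist, and return the audit findings."""
    rules = parse_contract(SAMPLE_CONTRACT)
    for line in render_allowlist("192.168.1.50", rules):
        print(line)
    violations = audit(rules, SAMPLE_FLOWS)
    for v in violations:
        print(f"VIOLATION {v.device}: {v.proto} {v.direction} {v.remote_ip}:{v.port}")
    return violations


if __name__ == "__main__":
    run_demo()
```

Two design points carry the thread's argument: the match in `flow_permitted` is exact on protocol, port, direction and peer range, so anything the device did not declare (including a declared peer reached in the undeclared direction) is a finding rather than a judgement call, and `parse_contract` validates the declaration at registration time, which is where the reviewer in Hallam-Baker's scheme decides whether the requested facilities are acceptable before any traffic flows.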
