Re: [homenet] write up of time without clocks

Tim Coote <tim+ietf.org@coote.org> Fri, 04 November 2016 14:11 UTC

To: jordi.palet@consulintel.es
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/sW2R3tMIzPN1GcA7IuydDXCLycI>
Cc: Tim.Chown@jisc.ac.uk, "homenet@ietf.org" <homenet@ietf.org>, "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, Keith Moore <moore@network-heretics.com>, "rbarnes@mozilla.com" <rbarnes@mozilla.com>

This may have negative value, so feel free to throw it out. But..

An observation from consumer IoT work is the importance of giving the consumer positive feedback that all is well. 

Poor visibility and diagnostics of faults make the cost of supporting any service expensive and erode brand value where users just carry on without realising that something’s wrong in one of the umpteen, hard-to-directly-observe bits of hardware (and software). Having raised awareness of an issue, there’s still the challenge of binding the physical box with the name that’s reporting the problem.

My sense is that trying to engineer a general purpose protocol may not be possible.

So, would it be reasonable for devices that are not sure of the time, to report that fact, and their view of what the time is to the user for acceptance?

tc

> On 4 Nov 2016, at 12:11, JORDI PALET MARTINEZ <jordi.palet@consulintel.es> wrote:
> 
> I guess the problem is that this document is NOT targeted to CPEs:
> 
>      In principle these requirements apply to all hosts that connect to
>      the Internet, but this list of requirements is specifically
>      targeted at devices that are constrained in their capabilities,
>      more than general-purpose programmable hosts (PCs, servers,
>      laptops, tablets, etc.), routers, middleboxes, etc.  While this is
>      a fuzzy boundary, it reflects the current understanding of IoT.  A
>      more detailed treatment of some of the constraints of IoT devices
>      can be found in [RFC7228].
> 
> Not sure if we want a separate document, as it seems to me that the requirements are very close or we may need to reword a bit the text above to make it more clear, etc.
> 
> Also is BCP the way if we want authorities to mandate it?
> 
> Regards,
> Jordi
> 
> 
> -----Original Message-----
> From: homenet <homenet-bounces@ietf.org> on behalf of Tim Chown <Tim.Chown@jisc.ac.uk>
> Reply-To: <Tim.Chown@jisc.ac.uk>
> Date: Friday, 4 November 2016, 12:43
> To: "homenet@ietf.org" <homenet@ietf.org>
> CC: "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, Keith Moore <moore@network-heretics.com>, "rbarnes@mozilla.com" <rbarnes@mozilla.com>
> Subject: Re: [homenet] write up of time without clocks
> 
>    Hi,
> 
> 
>    On 4 Nov 2016, at 08:34, JORDI PALET MARTINEZ <jordi.palet@consulintel.es> wrote:
> 
>    Exactly. Same as we have regulations like UL, FCC, EC, etc., the same certifications must care about a minimum set of security, upgradeability, etc., features.
> 
>    So the extra cost for the vendors is almost zero if we are talking about the same certification entities, just new tests added to the actual sets.
> 
>    If you don’t comply with the certification, your products will not be accepted in customs from a very high number of countries, so you will be somehow forced to follow them.
> 
>    The question here, is homenet the right venue for creating those minimum requirements?
> 
>    Perhaps contribute to draft-moore-iot-security-bcp-00?
> 
> 
>    See https://tools.ietf.org/html/draft-moore-iot-security-bcp-00
> 
> 
>    This was submitted at the Seoul deadline.  Authors copied.
> 
> 
>    Tim
> 
> 
> 
>    Regards,
>    Jordi
> 
> 
>    -----Original Message-----
>    From: homenet <homenet-bounces@ietf.org> on behalf of "STARK, BARBARA H" <bs7652@att.com>
>    Reply-To: <bs7652@att.com>
>    Date: Thursday, 3 November 2016, 21:19
>    To: Markus Stenberg <markus.stenberg@iki.fi>, Brian E Carpenter <brian.e.carpenter@gmail.com>
>    CC: Philip Homburg <pch-homenet-2@u-1.phicoh.com>, "homenet@ietf.org" <homenet@ietf.org>, Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr>
>    Subject: Re: [homenet] write up of time without clocks
> 
> 
>    Yes, I agree it's possible to do better, but what's the incentive for
>    a bottom-feeding vendor of cheap devices to bother?
> 
> 
> 
>    I hate to say this, but how about legal solutions? 
> 
> 
> 
>       My reading of the tea leaves: either the industry creates its own certification plan, or the regulators will do it for us.
>       Here is a data point:
>       https://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/
>       In the US, both the FCC and FTC are showing keen interest.
>       I'd rather the industry get there first.
>       And, BTW, it's also been suggested that devices list their "end of life" date when they're sold. After which no updates may be provided. And remotely-triggered "kill switch" may be used if a bad vulnerability is discovered after that date.
> 
>       Another recommendation is default passwords be unique per device, and not easily determined from MAC address, firmware revision, etc., and be changeable.
> 
>       That is, it's not just about upgradability. It is also passwords, encryption, and messaging/promises/guarantees that are made.
>       Just like cars now have seatbelts, front and side airbags, crumple zones, and lemon laws.
>       There are a number of industry whitepapers coming out on this topic, and conferences/meetings being held. It's all the rage right now.
> 
> 
>       Barbara
>       _______________________________________________
>       homenet mailing list
>       homenet@ietf.org
>       https://www.ietf.org/mailman/listinfo/homenet
> 
> 
> 
> 
> 
>    **********************************************
>    IPv4 is over
>    Are you ready for the new Internet ?
>    http://www.consulintel.es
>    The IPv6 Company
> 
>    This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or
>     use of the contents of this information, including attached files, is prohibited.