Re: Observations on (non-technical) changes affecting IETF operations
Michael Richardson <mcr@sandelman.ca> Wed, 09 March 2016 14:39 UTC
From: Michael Richardson <mcr@sandelman.ca>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Subject: Re: Observations on (non-technical) changes affecting IETF operations
Date: Wed, 09 Mar 2016 09:35:50 -0500
Message-ID: <9059.1457534150@obiwan.sandelman.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/Lr-hlM8NFJvi1TYbhZM84QzJhvI>
Cc: IETF <ietf@ietf.org>, Rich Kulawiec <rsk@gsp.org>

I think that I understand what you are saying, so let me repeat it back to you
in my own words.

Phillip Hallam-Baker <phill@hallambaker.com> wrote:
> First, I disagree with Jari's original analysis of the problem. The
> Internet security problem is not limited to IoT:

I tend to agree... the only reason we aren't as "concerned" about non-IoT
things is because we can (in theory) update them, the devices are used
directly by humans who sometimes notice if they are broken (or p0wned), and
the passwords, as weak as they are, can in theory, be stored in the human,
rather than in the system. (In practice: it's better to let the browser
store them)

> I think the big difference is that in IoT it is impossible to ignore
> the usability problem that cripples most IETF security protocols. With
> the new EC curves we can now do public key crypto on 16 bit and even 8
> bit devices (just don't do it too often). But we are still constrained
> by the affordances of the devices:

So, I see this as an opportunity...
It's like the book with no letter e: https://en.wikipedia.org/wiki/Gadsby_(novel)
artists impose arbitrary restrictions on themselves in order to do better work.

The IoT space is restrictive, and has no humans to pick options or store
passwords, so we have to do it correctly. It's also much more of a
greenfield with no clear incumbent. Therefore we can throw away many of the
things that turned out to be unworkable/insecure, like passwords.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [