IETF Logo Mail Archive

[Iotops] can we create protocols that securely transfer ownership?

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 30 October 2020 16:30 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: iotops@ietfa.amsl.com
Delivered-To: iotops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 492FE3A0FF6 for <iotops@ietfa.amsl.com>; Fri, 30 Oct 2020 09:30:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EIg-aUqnkzMS for <iotops@ietfa.amsl.com>; Fri, 30 Oct 2020 09:30:18 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A6973A0FEF for <iotops@ietf.org>; Fri, 30 Oct 2020 09:30:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 05D42389BB; Fri, 30 Oct 2020 12:37:07 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id hoID8PIlRHaL; Fri, 30 Oct 2020 12:37:06 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 7EB09389B9; Fri, 30 Oct 2020 12:37:06 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 69207362; Fri, 30 Oct 2020 12:30:16 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Andrew G. Malis" <agmalis@gmail.com>, iotops@ietf.org
In-Reply-To: <CAA=duU3XAgBsbqf1k=jQ4yh-DdR=TyX+FkTYcm7LKtBzd99fdQ@mail.gmail.com>
References: <160338716989.22551.17761888498316049460@ietfa.amsl.com> <CAA=duU3XAgBsbqf1k=jQ4yh-DdR=TyX+FkTYcm7LKtBzd99fdQ@mail.gmail.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Fri, 30 Oct 2020 12:30:16 -0400
Message-ID: <13731.1604075416@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/7C0P8YPH1GMRXt8fBZmC1bQvlNA>
Subject: [Iotops] can we create protocols that securely transfer ownership?
X-BeenThere: iotops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IOT Operations <iotops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iotops>, <mailto:iotops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iotops/>
List-Post: <mailto:iotops@ietf.org>
List-Help: <mailto:iotops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iotops>, <mailto:iotops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 16:30:20 -0000

Andrew G. Malis <agmalis@gmail.com> wrote:
    > Now that there seems to be at least a few people on the list, I would like
    > to suggest that this be put into the charter as recommended reading:

    > https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

Tales of dystopian machine dominated futures abound. There is an entire
subarea of sociology that deals with the counter-cyclical nature of SF.
(SF is happy when times are dark, and SF is dystopian when times are good)
For those that like to keep up on the latest stupidity, given that you
probably aren't reading comp.risks anymore, I suggest:
  http://www.firemountain.net/mailman/listinfo/dumpsterfire

Andrew, I presume that the thing we need to take home from this tale of
abusive *DRM*  (nothing specific to do with IoT) is that we need real
transfer of ownership.

That's why the charter proposes to work on issues that include:
  - factory provisioning of devices
  - onboarding of devices
  - administrative control of devices
  - software/firmware upgrades
  - end of life management of devices

There is a significant tussle between:
   1) running the software *you* want on *your* devices
   2) running the software that external entity X says is secure

Vernor Vinge, in _Rainbows End_, written in 2006, and set in 2025,
predicts a world where governments say, "Enough is Enough", and they
stop letting anyone other than them decide what software will run on personal
computing devices, and core Internet routers. (X=government above)
Sure, you can have as many layers of virtualization as we like (the
protagonist's teenage granddaughter sets him up with win95^Wfvwm95), but
they control the turtle at the bottom.

I coined a term Internet of Øwned Things => IøT.
This is the set of things where the device can actually be owned by the
person who bought it.  (vs pwned things, where a hostile owns things)

My take: if you can't control what software runs on your toaster^Wthing, then
you don't really øwn it.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [




--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email