Re: [Iotops] can we create protocols that securely transfer ownership?
Alexandre Petrescu <alexandre.petrescu@gmail.com> Sat, 31 October 2020 11:56 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: iotops@ietfa.amsl.com
Delivered-To: iotops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AD783A197C for <iotops@ietfa.amsl.com>; Sat, 31 Oct 2020 04:56:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.424
X-Spam-Level:
X-Spam-Status: No, score=0.424 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.247, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PiDINh7ya0mo for <iotops@ietfa.amsl.com>; Sat, 31 Oct 2020 04:56:56 -0700 (PDT)
Received: from cirse-smtp-out.extra.cea.fr (cirse-smtp-out.extra.cea.fr [132.167.192.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8731E3A197B for <iotops@ietf.org>; Sat, 31 Oct 2020 04:56:55 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 09VBurkY016344 for <iotops@ietf.org>; Sat, 31 Oct 2020 12:56:53 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 716CB202EBA for <iotops@ietf.org>; Sat, 31 Oct 2020 12:56:53 +0100 (CET)
Received: from muguet1-smtp-out.intra.cea.fr (muguet1-smtp-out.intra.cea.fr [132.166.192.12]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 66757202C85 for <iotops@ietf.org>; Sat, 31 Oct 2020 12:56:53 +0100 (CET)
Received: from [10.11.240.40] ([10.11.240.40]) by muguet1-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 09VBuriR023612 for <iotops@ietf.org>; Sat, 31 Oct 2020 12:56:53 +0100
To: iotops@ietf.org
References: <160338716989.22551.17761888498316049460@ietfa.amsl.com> <CAA=duU3XAgBsbqf1k=jQ4yh-DdR=TyX+FkTYcm7LKtBzd99fdQ@mail.gmail.com> <13731.1604075416@localhost>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <bb0aa02a-6b36-736d-41ec-959cda8f7a2a@gmail.com>
Date: Sat, 31 Oct 2020 12:56:52 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0
MIME-Version: 1.0
In-Reply-To: <13731.1604075416@localhost>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/8urZcU6WAfH51ahizoqHckD-d1U>
Subject: Re: [Iotops] can we create protocols that securely transfer ownership?
X-BeenThere: iotops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IOT Operations <iotops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iotops>, <mailto:iotops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iotops/>
List-Post: <mailto:iotops@ietf.org>
List-Help: <mailto:iotops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iotops>, <mailto:iotops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2020 11:56:58 -0000
'Transferring ownership' - like in selling property to somebody? A contract would be needed, and a notary with an electronic signature. Le 30/10/2020 à 17:30, Michael Richardson a écrit : > > Andrew G. Malis <agmalis@gmail.com> wrote: >> Now that there seems to be at least a few people on the list, I >> would like to suggest that this be put into the charter as >> recommended reading: > >> https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/ > >> > Tales of dystopian machine dominated futures abound. There are also tales of futures dominated by a few oligarchies storing the data. It would be these private interests that dominate the world, via computers, be them Things or information highways. A sort of facebooks extended along certain negative extension lines. In these worlds indeed the person-to-person communication would be needed to avoid negative situations. But 'transferring ownership' would not be desirable: one would not transfer ownership of information from one's brain to Things and even less let these Things further transfer ownership to other private interests. There would be a need of a protocol to make sure ownership is not transferred, but hardcoded in silicium. Or maybe 'securely transfer ownership' would be akin to a delegation of identity, under the form of securely allowing somebody to act on one's behalf, a sort of 'delegation of signature'. Delegate signature but maintain control, like in delegating to vote. Alex There is an entire > subarea of sociology that deals with the counter-cyclical nature of > SF. (SF is happy when times are dark, and SF is dystopian when times > are good) For those that like to keep up on the latest stupidity, > given that you probably aren't reading comp.risks anymore, I > suggest: http://www.firemountain.net/mailman/listinfo/dumpsterfire > > Andrew, I presume that the thing we need to take home from this tale > of abusive *DRM* (nothing specific to do with IoT) is that we need > real transfer of ownership. > > That's why the charter proposes to work on issues that include: - > factory provisioning of devices - onboarding of devices - > administrative control of devices - software/firmware upgrades - end > of life management of devices > > There is a significant tussle between: 1) running the software *you* > want on *your* devices 2) running the software that external entity X > says is secure > > Vernor Vinge, in _Rainbows End_, written in 2006, and set in 2025, > predicts a world where governments say, "Enough is Enough", and they > stop letting anyone other than them decide what software will run on > personal computing devices, and core Internet routers. (X=government > above) Sure, you can have as many layers of virtualization as we like > (the protagonist's teenage granddaughter sets him up with > win95^Wfvwm95), but they control the turtle at the bottom. > > I coined a term Internet of Øwned Things => IøT. This is the set of > things where the device can actually be owned by the person who > bought it. (vs pwned things, where a hostile owns things) > > My take: if you can't control what software runs on your > toaster^Wthing, then you don't really øwn it. > > -- ] Never tell me the odds! | ipv6 > mesh networks [ ] Michael Richardson, Sandelman Software Works > | IoT architect [ ] mcr@sandelman.ca > http://www.sandelman.ca/ | ruby on rails [ > > > > > -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT > consulting ) Sandelman Software Works Inc, Ottawa and Worldwide > > > > >
- [Iotops] New Non-WG Mailing List: IOTOPS -- IOT O… IETF Secretariat
- Re: [Iotops] New Non-WG Mailing List: IOTOPS -- I… Andrew G. Malis
- [Iotops] can we create protocols that securely tr… Michael Richardson
- Re: [Iotops] can we create protocols that securel… Andrew G. Malis
- Re: [Iotops] can we create protocols that securel… Michael Richardson
- Re: [Iotops] can we create protocols that securel… Brian E Carpenter
- Re: [Iotops] maintain ownership (was: can we crea… Toerless Eckert
- Re: [Iotops] can we create protocols that securel… William_J_G Overington
- Re: [Iotops] can we create protocols that securel… Alexandre Petrescu
- Re: [Iotops] can we create protocols that securel… Michael Richardson
- Re: [Iotops] can we create protocols that securel… Michael Richardson
- Re: [Iotops] can we create protocols that securel… Toerless Eckert
- [Iotops] Use of abbreviations William_J_G Overington
- Re: [Iotops] Use of abbreviations Henk Birkholz
- Re: [Iotops] Use of abbreviations William_J_G Overington
- Re: [Iotops] Use of abbreviations Brian E Carpenter
- Re: [Iotops] can we create protocols that securel… Qin Wu
- Re: [Iotops] maintain ownership (was: can we crea… Qin Wu
- Re: [Iotops] maintain ownership (was: can we crea… Michael Richardson
- Re: [Iotops] maintain ownership (was: can we crea… Toerless Eckert
- Re: [Iotops] maintain ownership (was: can we crea… Toerless Eckert
- Re: [Iotops] maintain ownership (was: can we crea… Michael Richardson
- Re: [Iotops] maintain ownership (was: can we crea… Amyas Phillips, Ambotec
- Re: [Iotops] maintain ownership (was: can we crea… Michael Richardson
- Re: [Iotops] maintain ownership Brian E Carpenter
- Re: [Iotops] maintain ownership Michael Richardson
- Re: [Iotops] maintain ownership William_J_G Overington
- Re: [Iotops] maintain ownership William_J_G Overington