Re: [Iotops] can we create protocols that securely transfer ownership?

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 30 October 2020 19:58 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>, "Andrew G. Malis" <agmalis@gmail.com>, iotops@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/BLkL1mZ_Rd9ueRoeMY4pAu5Sb4w>

On 31-Oct-20 06:25, Michael Richardson wrote:
> 
> Andrew G. Malis <agmalis@gmail.com> wrote:
>     > Yes, in addition to being a good story, the point is who controls the
>     > firmware in our things, and how bad it can get not only when the
>     > manufacturer enforces DRM, but the gov't enables the behavior
>     > (criminalizing jailbreaking).
> 
>     > Or the issues that arise when the manufacturer fails to properly maintain
>     > the firmware, or goes out of business.
> 
> All major concerns.  What do you think the IETF can/should do?
> I have some very specific ideas which I think are manageable and specific.

Both BRSKI and SUIT have minor references to the latter problem, and I
think that when considering tiny cheap devices it isn't a theoretical issue,
but one that's highly likely. There is also (as for incandescent light
bulbs) a strong incentive for manufacturers to sell devices that are
designed to break after a while. An expiring certificate would be a great
way to break devices remotely, for example.

   Brian