[Iotops] end passwords NOW!

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 02 March 2023 21:28 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: iotops@ietfa.amsl.com
Delivered-To: iotops@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 0840FC15256B for <iotops@ietfa.amsl.com>; Thu, 2 Mar 2023 13:28:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.696
X-Spam-Status: No, score=-6.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (bad RSA signature)" header.d=sandelman.ca
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id MlPhg8CcLQGy for <iotops@ietfa.amsl.com>; Thu, 2 Mar 2023 13:28:03 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C018EC14CE38 for <iotops@ietf.org>; Thu, 2 Mar 2023 13:28:03 -0800 (PST)
Received: from dyas.sandelman.ca (desktop4.sandelman.ca []) by relay.sandelman.ca (Postfix) with ESMTPS id 1A6E61F455; Thu, 2 Mar 2023 21:28:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=sandelman.ca; s=mail; t=1677792481; bh=F2kk9q5lGsOufutbm6MppTLO9PnO7WEDAO1LZDGPntU=; h=From:To:Subject:In-reply-to:References:Date:From; b=jKricqyV8D6wG4wigSNvhsziOYyOxtdD2MAdzSrlPgkmrXtIYmMyv89fcueolHFfD 12vl+k+BBfsbFTyAh1UAo2EhLtH16SWNmS8ARnIWgRJYu/jFThTtZSRatq2TOGGhIc eOuJkYRt2XwRLCjy+q8XQDjJ9KtqUfEgfG5ahnUkNqoopcVUhlTpp92BgZVAKJRDN6 vRwN/MjA5Sr1Bn+gIKtE6/FIlj1oifyIVkmTRmlHUFwUJTb1xQQVFPA8O70v1FoRCA zsQ0+6xYOVucn5S8leuCOTmsILDLT0cNGiTTnphjRnDZU3DKGzzAiVbY2GVx3T+3kH I0reVNoOuYCZw==
Received: by dyas.sandelman.ca (Postfix, from userid 1000) id 283D7A1338; Thu, 2 Mar 2023 16:27:59 -0500 (EST)
Received: from dyas (localhost []) by dyas.sandelman.ca (Postfix) with ESMTP id 264FAA0FDA; Thu, 2 Mar 2023 16:27:59 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Eliot Lear <lear@lear.ch>, iotops@ietf.org
In-reply-to: <af3ea132-f300-6496-8d00-dd7084560921@lear.ch>
References: <2b042daf-a7a4-84b4-bd9a-bb293849ca43@isode.com> <af3ea132-f300-6496-8d00-dd7084560921@lear.ch>
Comments: In-reply-to Eliot Lear <lear@lear.ch> message dated "Thu, 02 Mar 2023 13:54:52 +0100."
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.3
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 02 Mar 2023 16:27:59 -0500
Message-ID: <1744568.1677792479@dyas>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/NZ_b9_HdFuQkbUYSeZDuLKpjDVU>
Subject: [Iotops] end passwords NOW!
X-BeenThere: iotops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IOT Operations <iotops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iotops>, <mailto:iotops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iotops/>
List-Post: <mailto:iotops@ietf.org>
List-Help: <mailto:iotops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iotops>, <mailto:iotops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2023 21:28:08 -0000

Eliot Lear <lear@lear.ch> wrote:
    > 1. Passwords on devices are a bad idea IOT devices that are associated
    > with north-bound control functions.  This includes bridges, vacuum
    > cleaners, ovens, HVACs, and the like.

I think that you mean that when I connect to my oven, I shouldn't be using a
password to login from my phone and/or browser.

You could also mean that when my oven connects to it's cloud service, that it
shouldn't be using a password.

(These are not mutually exclusive)

Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-