IETF Logo Mail Archive

Re: [Iotops] can we create protocols that securely transfer ownership?

"Andrew G. Malis" <agmalis@gmail.com> Fri, 30 October 2020 16:43 UTC

Return-Path: <agmalis@gmail.com>
X-Original-To: iotops@ietfa.amsl.com
Delivered-To: iotops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D5413A0A62 for <iotops@ietfa.amsl.com>; Fri, 30 Oct 2020 09:43:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5NkZRNvNPxlc for <iotops@ietfa.amsl.com>; Fri, 30 Oct 2020 09:43:41 -0700 (PDT)
Received: from mail-qk1-x72a.google.com (mail-qk1-x72a.google.com [IPv6:2607:f8b0:4864:20::72a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 839613A07F0 for <iotops@ietf.org>; Fri, 30 Oct 2020 09:43:41 -0700 (PDT)
Received: by mail-qk1-x72a.google.com with SMTP id q199so5377806qke.10 for <iotops@ietf.org>; Fri, 30 Oct 2020 09:43:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GIcPvQJ1aAjlejmRgT0oz4eiS5ZEaT98fVmuwCyz4rI=; b=oc7G/stIZi57DNOymPFCyOkZLqy5UsqrVcessaOUp3zPJaEvZdos/Q7XjcPw8RA/Kf JDUhKlDaRRNzr50k17gzZTMzgRTIK5UFx2Phe9qb3ESnSyb72fRfBl3zR3CHswcB+jcl dyvyJQ7K/UrqbglJK+7OC7dF4Uz6/sY+AaPZeosO5GyjnWa+VzYy+ts98pLybz/wytu7 CoQnWnVPFYwQ23rPz5orjJ+pQS0BCuaYp+a3SB6XfrMAfQwoXhOsXdwoFdwjNrfbO+yE TyyLYG+CkQ8k8nSFCAI0BRUHOXRLj4B8lsDi9mfVtg7OjDji+HoA87BpU3j3w0qSkRa+ FnLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GIcPvQJ1aAjlejmRgT0oz4eiS5ZEaT98fVmuwCyz4rI=; b=ErusxXLhuO5SylzX0Soxvvy6kz5LrBGUbtEGWTxk81UJ6JbbDnPE4SAuwH12l0+T9K MU9lZgVpX3tD+XV1Livr0q7dCmuE2uXwLv463Y3B3SHGVXV4bNX8k7OVbLiUDBVHNPaz rmXd73K6l58x0j7DQL3HzyNPqZ07BTwU5eomy2arcGSN4rNX1PsY3+nCFD0aV91i4Ken QCw/FvTrWNQzE899e/vksy576UQqCG8dhYiDB85e7a/qJuxxpALUzlfZ+4Fj+igvCcuU NlZHmghBzkMcDQa9xecIBrIiyRsGeQcVCLcjd3/nsXTQ3DlWyYjZCajvI9AsjGGA+yyI xvcQ==
X-Gm-Message-State: AOAM532OqneMuvvKJILwYBqwxlmmuC0SLCJ2dr4XQfatohTMI2uW2r62 PNKs8VT/0SL+zPkYbpXkRUao4E+eSQZGR3a7NVf99N+b
X-Google-Smtp-Source: ABdhPJylj5MgEdPtRKvq91hRfvzolJniNf3/g/vrDbIuNEsp3ey5JgmDqZTv+VSz4Gxvhn0+vnTv3PW5RmJ11YesY9o=
X-Received: by 2002:a37:9883:: with SMTP id a125mr3024144qke.430.1604076220537; Fri, 30 Oct 2020 09:43:40 -0700 (PDT)
MIME-Version: 1.0
References: <160338716989.22551.17761888498316049460@ietfa.amsl.com> <CAA=duU3XAgBsbqf1k=jQ4yh-DdR=TyX+FkTYcm7LKtBzd99fdQ@mail.gmail.com> <13731.1604075416@localhost>
In-Reply-To: <13731.1604075416@localhost>
From: "Andrew G. Malis" <agmalis@gmail.com>
Date: Fri, 30 Oct 2020 12:43:29 -0400
Message-ID: <CAA=duU3Z5v03AkoWTJvXN2r4co9r8zTSjS5n7t0Q2NeOoTyDnQ@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: iotops@ietf.org
Content-Type: multipart/alternative; boundary="00000000000051603005b2e619ac"
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/Srt7cZQM7gSULRkivGdFkXeq150>
Subject: Re: [Iotops] can we create protocols that securely transfer ownership?
X-BeenThere: iotops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IOT Operations <iotops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iotops>, <mailto:iotops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iotops/>
List-Post: <mailto:iotops@ietf.org>
List-Help: <mailto:iotops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iotops>, <mailto:iotops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 16:43:45 -0000

Michael,

Thanks for the dumpsterfire pointer.

Yes, in addition to being a good story, the point is who controls the
firmware in our things, and how bad it can get not only when the
manufacturer enforces DRM, but the gov't enables the behavior
(criminalizing jailbreaking).

Or the issues that arise when the manufacturer fails to properly maintain
the firmware, or goes out of business.

Cheers,
Andy


On Fri, Oct 30, 2020 at 12:30 PM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Andrew G. Malis <agmalis@gmail.com> wrote:
>     > Now that there seems to be at least a few people on the list, I
> would like
>     > to suggest that this be put into the charter as recommended reading:
>
>     >
> https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/
>
> Tales of dystopian machine dominated futures abound. There is an entire
> subarea of sociology that deals with the counter-cyclical nature of SF.
> (SF is happy when times are dark, and SF is dystopian when times are good)
> For those that like to keep up on the latest stupidity, given that you
> probably aren't reading comp.risks anymore, I suggest:
>   http://www.firemountain.net/mailman/listinfo/dumpsterfire
>
> Andrew, I presume that the thing we need to take home from this tale of
> abusive *DRM*  (nothing specific to do with IoT) is that we need real
> transfer of ownership.
>
> That's why the charter proposes to work on issues that include:
>   - factory provisioning of devices
>   - onboarding of devices
>   - administrative control of devices
>   - software/firmware upgrades
>   - end of life management of devices
>
> There is a significant tussle between:
>    1) running the software *you* want on *your* devices
>    2) running the software that external entity X says is secure
>
> Vernor Vinge, in _Rainbows End_, written in 2006, and set in 2025,
> predicts a world where governments say, "Enough is Enough", and they
> stop letting anyone other than them decide what software will run on
> personal
> computing devices, and core Internet routers. (X=government above)
> Sure, you can have as many layers of virtualization as we like (the
> protagonist's teenage granddaughter sets him up with win95^Wfvwm95), but
> they control the turtle at the bottom.
>
> I coined a term Internet of Øwned Things => IøT.
> This is the set of things where the device can actually be owned by the
> person who bought it.  (vs pwned things, where a hostile owns things)
>
> My take: if you can't control what software runs on your toaster^Wthing,
> then
> you don't really øwn it.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh
> networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT
> architect   [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on
> rails    [
>
>
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
>

v2.23.0 | Report a Bug | By Email