Re: [Iotops] can we create protocols that securely transfer ownership?

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 01 November 2020 16:00 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: William_J_G Overington <wjgo_10009=40btinternet.com@dmarc.ietf.org>, Iotops@ietf.org
In-Reply-To: <6e7fc2c3.ccb.1757e4c3e9e.Webtop.227@btinternet.com>
References: <6e7fc2c3.ccb.1757e4c3e9e.Webtop.227@btinternet.com>
Date: Sun, 01 Nov 2020 11:00:28 -0500
Message-ID: <4838.1604246428@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/iotops/q2UcOMLa2ZCF3qLIZBpoYdNzZ0M>
Subject: Re: [Iotops] can we create protocols that securely transfer ownership?
List-Id: IOT Operations <iotops.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iotops/>

William_J_G Overington <wjgo_10009=40btinternet.com@dmarc.ietf.org> wrote:
    > I am wondering if the issue of being able to recover the original software
    > for a thing could be solved by some infrastructure something like it being
    > good practice for the manufacturer of the thing to produce a hexadecimal dump
    > of the software and publish it in a PDF (Portable Document Format) document
    > and for that PDF document to be deposited at The British Library in
    > accordance with the legal deposit regulations together with a note permitting
    > The British Library to supply a copy to anyone for a fee. The document could
    > also be made available on the manufacturer's website, yet legal deposit at
    > The British Library would mean that the document would still be available
    > even if the manufacturer went out of business and the website was no longer
    > available.

While there is an issue of how to maintain software beyond the lifetime of
the (interest of the marketing department) of the manufacturer, the bigger
picture is that the device is cryptographically locked to running on software
approved (digitally signed) by the manufacturer.

We actually *need* this kind of lockdown in order to keep malware out.
But, one person's weed is another person's wild-flower.

Having the hexdump doesn't help us much.  We basically already have that.
Often we have the entire source code, but we still can't load it into the
device because we don't have the keys that are baked (literally: by laser
blown fuses into the silicon) into the device.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
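The reply above describes the mechanism in one sentence: the device only boots software signed by the manufacturer, and the trust anchor (a hash of the manufacturer's key) is burned into fuses the owner cannot change. The following Go program, added here as an illustration and not code from the thread or from any real boot ROM, models that check end to end. It assumes a simplified scheme (Ed25519 signatures over the raw image, SHA-256 of the public key in the fuses; real devices differ in detail) and uses hypothetical names (`BurnFuses`, `SignFirmware`, `VerifyBoot`, `Scenario`). It then plays out exactly the situation Michael describes: the owner has the identical bytes, a full "hexdump", and even the source, but without the factory's private key the rebuilt image fails the first check.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FirmwareImage models what gets flashed: the code, the public key the
// manufacturer signed it with, and the signature over the code.
type FirmwareImage struct {
	Code      []byte
	PublicKey ed25519.PublicKey
	Signature []byte
}

// Fuses models one-time-programmable storage in the silicon. Only a hash of
// the manufacturer's public key is burned; the key itself travels with the
// image and is checked against this hash at boot.
type Fuses struct {
	PubKeyHash [sha256.Size]byte
}

var (
	ErrUntrustedKey = errors.New("public key hash does not match fuses")
	ErrBadSignature = errors.New("signature does not verify over code")
)

// BurnFuses (hypothetical helper) computes the value the factory programs.
func BurnFuses(manufacturerPub ed25519.PublicKey) Fuses {
	return Fuses{PubKeyHash: sha256.Sum256(manufacturerPub)}
}

// SignFirmware is the manufacturer's side: sign with the private key that
// never leaves the factory.
func SignFirmware(code []byte, priv ed25519.PrivateKey) FirmwareImage {
	return FirmwareImage{
		Code:      code,
		PublicKey: priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, code),
	}
}

// VerifyBoot is the boot ROM's check: (1) the key carried in the image must
// hash to the fused value, (2) the signature must verify over the code.
func VerifyBoot(f Fuses, img FirmwareImage) error {
	h := sha256.Sum256(img.PublicKey)
	if !bytes.Equal(h[:], f.PubKeyHash[:]) {
		return ErrUntrustedKey
	}
	if !ed25519.Verify(img.PublicKey, img.Code, img.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Scenario plays out the thread's situation and returns the boot result for
// (a) the manufacturer's own image, (b) byte-identical code rebuilt by the
// owner and signed with the owner's key, (c) a genuine image altered after
// signing.
func Scenario() (genuine, ownerBuilt, patched error) {
	mfrPub, mfrPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fuses := BurnFuses(mfrPub)

	code := []byte("constructed firmware bytes v1.0") // constructed sample

	// (a) The manufacturer's signed image boots.
	genuine = VerifyBoot(fuses, SignFirmware(code, mfrPriv))

	// (b) Same bytes as the hexdump, but signed with a key the fuses don't trust.
	_, ownerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	ownerBuilt = VerifyBoot(fuses, SignFirmware(code, ownerPriv))

	// (c) Trusted key, but the code no longer matches the signature.
	img := SignFirmware(code, mfrPriv)
	img.Code = append([]byte{}, img.Code...)
	img.Code[0] ^= 0x01
	patched = VerifyBoot(fuses, img)
	return
}

func main() {
	g, o, p := Scenario()
	fmt.Println("genuine image:            ", g)
	fmt.Println("owner-built from hexdump: ", o)
	fmt.Println("patched genuine image:    ", p)
}
```

Case (b) is the point of the reply: having every byte of the image, or the source that produces it, changes nothing, because the check that fails is on the signing key, not on the code. Case (c) is the malware case the lockdown exists to stop.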