Re: [perpass] Tiny stacks

[Joseph Lorenzo Hall <joe@cdt.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On 12/9/13 7:43 PM, Phillip Hallam-Baker wrote:
> What we can do about this in the IETF is quite limited. What we
> could do is to have some sort of device registration protocol
> whereby the device gains access to the network by first proposing a
> 'contract' specifying all the ports and protocols it is going to
> speak. The network infrastructure could then default-deny any
> access outside that contract.
> 
> This would then reduce the audit task from observing the behavior
> of the device to checking the facilities it asks for and seeing if
> they are acceptable.

I have been thinking similarly... sort of a standards-supported
network monitor for the internet of things:

from p. 4 of
https://www.cdt.org/files/pdfs/CDT-Internet-of-Things-Comments.pdf:

"There may be technological solutions to these barrier-crossing issues
that consumers can configure to control the amount and nature of data
transmitted by IoT-capable sensors and devices in sensitive locations.
For example, it may be possible to design “middleware” networking
equipment that a member of the household or business could configure
to selectively allow or disallow networked objects from communicating
outside of the household network. Ideally, such a privacy appliance
could easily identify data emitted by IoT-capable products in the home
network, but that relies on manufacturers inserting the right tags into
their network communication that such an appliance could read. This
would probably require significant standards work and manufacturer
buy-in (or a legislative or regulatory mandate) to support this kind
of functionality. Another option may be to design a standard element
to the networkable components of IoT objects — say a pull-off tab or
shielding element — that consumers can activate in order to toggle or
disable networking functionality. Given that certain activities and
areas in one’s home are particularly sensitive towards arbitrary data
collection — bedrooms, bathrooms, children’s areas — there may be a
level of tracking and data usage that above which is simply not
appropriate for those products or that industry commits to making
connected and disconnected versions."

Would love to know if there is work (standards, research, whatever) in
this area I should be aware of.

best, Joe

- -- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSp05YAAoJEF+GaYdAqahx388P/3Mg/JTS5SOqpjdKLakv3+dm
PyjbV2IZgojQI/x6bQO7JBggSo5djess7GzK2BdKH5U8gzSHv4Q7+OXYEooiO+c/
01QC0vJCO7mCw3Sr0hfpRB1s59cIimqR44yNT1bi0R3EU6d1e+l3UGftqOlBrQ6O
IU6yp0puY9lXsZ6S6vY5zIbKwpGDsCBAaqx7872VEwjjKEnf0yDsmQsur1xe4vGt
AF1G64kwq5brGjCz0plAcawDU4ljoOBHSaCaxcXt1co4fJzM1EcsrRKKg3dZruRr
aEDDKuFO6oHv4mtHmG//54XXSglEXnaaVs1tPCFevXTUgdBtooKVhmj26xoTe4i6
FtT9p0LUtY01UMzNz9KtmvYG1LvCjKScx86lqFb7In2sOcrPTngx6f8mxbTzzSMF
SL1UWqjHazeWuIQtSVk2mSuYvlT/Ja9eQ+p/BRYcQdKF5e/koezuTclP+2DTWITd
iX6JNuUY9msEaL9e0/8glioT7DC+maBLX06rsuXzWZ3OenNLxLW3eINgxYq1469O
3e2TLa29uM3UnC/ya61bsLMVlx9wy169O6iuZA6g78e6cN11CYzf0JewGidhZ5sA
/vuQXZ5ChLtMhrJPOlzJmA9HLqQ9mXrUbdKwRvABjaBimehcb8geYloae4WwQEtF
JoIicWI8Yf2OqCzsOI3x
=RYCM
-----END PGP SIGNATURE-----