nanog mailing list archives
Re: Spitballing IoT Security
From: "Eric S. Raymond" <esr () thyrsus com>
Date: Wed, 26 Oct 2016 15:40:40 -0400
Mel Beckman <mel () beckman org>:
I also really like the idea of offering open source options to vendors, many of whom seem to illegally take that privilege anyway. A key fast-path component, though, is in my opinion a new RFC for IoT security best practices, and probably some revisions to UPNP. The IoT RFC would spell out basic rules for safe devices: no back doors, no default passwords, no gratuitous inbound connections, etc. It would also make encryption a requirement, and limit how existing UPNP is deployed to prevent unnecessarily exposing vulnerable TCP/UDP ports to the wild. With this RFC in hand, and an appropriate splashy icon for vendor packaging (“RFC 9999 ThingSafe!”), vendors will have a competitive reason for compliance as a market differentiator, whether they deploy with open-source or proprietary code.
That is a good idea and I am officially adopting it as part of the Evil Master Plan for World Domination. :-) I may recruit you to help draft the RFC. -- <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
Current thread:
- Re: Spitballing IoT Security, (continued)
- Re: Spitballing IoT Security bzs (Oct 25)
- RE: Spitballing IoT Security Steve Mikulasik (Oct 24)
- Re: Spitballing IoT Security J. Oquendo (Oct 24)
- Re: Spitballing IoT Security Mike Hammett (Oct 24)
- Re: Spitballing IoT Security Hugo Slabbert (Oct 24)
- Re: Spitballing IoT Security Mike Hammett (Oct 24)
- Re: Spitballing IoT Security bzs (Oct 24)
- Re: Spitballing IoT Security Rich Kulawiec (Oct 26)
- Re: Spitballing IoT Security Eric S. Raymond (Oct 26)
- Re: Spitballing IoT Security Mel Beckman (Oct 26)
- Re: Spitballing IoT Security Eric S. Raymond (Oct 26)
- Re: Spitballing IoT Security Mel Beckman (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Valdis . Kletnieks (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Jean-Francois Mezei (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Leo Bicknell (Oct 26)
- Re: Spitballing IoT Security Jean-Francois Mezei (Oct 26)
- Re: Spitballing IoT Security JORDI PALET MARTINEZ (Oct 26)
- Re: Spitballing IoT Security jim deleskie (Oct 26)