Re: Spitballing IoT Security

[Mel Beckman <mel () beckman org>]

Why does everyone think the Master Plan for World Domination has to be Evil? :)

 -mel beckman

> On Oct 26, 2016, at 12:40 PM, Eric S. Raymond <esr () thyrsus com> wrote:
>
> Mel Beckman <mel () beckman org>:
> > I also really like the idea of offering open source options to vendors, many of whom seem to illegally take that 
> > privilege anyway. A key fast-path component, though, is in my opinion a new RFC for IoT security best practices, and 
> > probably some revisions to UPNP. 
> >
> > The IoT RFC would spell out basic rules for safe devices: no back doors, no default passwords, no gratuitous inbound 
> > connections, etc. It would also make encryption a requirement, and limit how existing UPNP is deployed to prevent 
> > unnecessarily exposing vulnerable TCP/UDP ports to the wild. With this RFC in hand, and an appropriate splashy icon 
> > for vendor packaging (“RFC 9999 ThingSafe!”), vendors will have a competitive reason for compliance as a market 
> > differentiator, whether they deploy with open-source or proprietary code.
>
> That is a good idea and I am officially adopting it as part of the Evil
> Master Plan for World Domination. :-)
>
> I may recruit you to help draft the RFC.
> -- 
>        <a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>