Michael StJohns <mstjo...@comcast.net> wrote:
    >> I'm less sure that I agree with the subsequent view that we can't
    >> adopt this item until we have assurance; I'd say that asking for the
    >> issue to be addressed as part of the adoption process is reasonable,
    >> and objecting at WGLC if it has not been addressed is the right way.

    > http://www.techworm.net/2016/11/researchers-use-drones-hijack-philips-hue-smart-lights.html
    > describes how the use of multi-party symmetric key systems weakens even
    > minimal security guarantees in an IOT system. In this article, it's
    > noted that the HUE lights have firmware that's signed/encrypted by a
    > symmetric key (which - by definition then needs to be included in every
    > device to decrypt/verify the firmware), and that the attackers were
    > able to extract the key from a lightbulb with relative ease; craft
    > their own firmware and cause the lightbulbs to load it in a chain
    > reaction.

I had read all about this, and I wondered how they had gotten the bogus
firmware accepted; I thought that this was the "bug", but I hadn't read (or I
had missed) that the firmware was symmetric signed.
That's really really dumb.

    > So I'd turn this around and ask for an offer of proof that we can find a
    > way to do this safely *BEFORE* having the IETF invest time and
    > resources in the work. I don't expect a fully fleshed out solution,
    > but I haven't seen even a hint that anyone knows how to mitigate the
    > risks.

I see your point.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace
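
The point made in the quoted message, that a symmetric firmware key has to sit in every device and therefore authenticates whatever its holder tags, is shown here as an added example that is not part of the original thread. It assumes HMAC-SHA256 for the shared-key scheme and uses a Lamport one-time signature as a standard-library stand-in for whatever asymmetric scheme a vendor would deploy; all names and firmware bytes are constructed.

```python
import hashlib, hmac, secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(fw: bytes) -> list:
    d = H(fw)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# --- Shared-key scheme: the key that verifies is the key that signs ---
def mac_tag(key: bytes, fw: bytes) -> bytes:
    return hmac.new(key, fw, hashlib.sha256).digest()

def device_accepts_mac(device_key: bytes, fw: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(device_key, fw), tag)

# --- Public-key stand-in (Lamport one-time signature, an assumption) ---
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]   # only pk is provisioned into devices
    return sk, pk

def lamport_sign(sk, fw: bytes) -> list:
    return [sk[i][bit] for i, bit in enumerate(digest_bits(fw))]

def device_accepts_sig(pk, fw: bytes, sig: list) -> bool:
    bits = digest_bits(fw)
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits, sig)))

def compare_schemes():
    vendor_fw = b"constructed vendor image v2"
    foreign_fw = b"constructed image from another party"
    # Shared key: every device stores the same secret the vendor signs with,
    # so a tag computed with one device's copy verifies on all of them.
    group_key = secrets.token_bytes(32)
    key_in_one_device = group_key
    foreign_tag = mac_tag(key_in_one_device, foreign_fw)
    mac_accepts_foreign = device_accepts_mac(group_key, foreign_fw, foreign_tag)
    # Public key: a device stores pk and sees valid signatures, neither of
    # which is enough to produce a signature over a different image.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, vendor_fw)
    sig_accepts_vendor = device_accepts_sig(pk, vendor_fw, sig)
    sig_accepts_foreign = device_accepts_sig(pk, foreign_fw, sig)
    return mac_accepts_foreign, sig_accepts_vendor, sig_accepts_foreign

if __name__ == "__main__":
    print(compare_schemes())
```

A Lamport key signs one image only, so a deployed design would use a many-time signature scheme; the property illustrated, that device-resident material cannot sign, is the same.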