Ø But I don't think we can tell endpoints that they are on their own unless they get the right hardware or they comply with the ACE-OAuth model, or DOXS.
[This is probably an issue unrelated to EST topic but worthwhile to talk about nevertheless.] How do you expect companies to come up with reasonable IoT security? Our (Arm) thinking was that working on building blocks that are then combined in complete IoT device management solutions (like LwM2M) and supplemented with security guidance that includes the implementation (software & hardware), as we do it with the Platform Security Architecture (see https://developer.arm.com/products/architecture/platform-security-architecture), is the only way to improve IoT security. If you just dump ideas and protocols with lots of options to OEMs and let them figure out the security story themselves then guess what the outcome will be. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
