OK, here's a reformulation that takes a somewhat stronger position
(mainly by checking the other box, and adding the paragraph at the
end).

-David


 [X] opposes this Charter and requests that this group not be
     created [Formal Objection] (your details below).

We're concerned enough about the security and privacy aspects of
this charter and the associated work that we believe this effort is
not currently ready to begin development on the Recommendation
track.

We have a number of concerns about the security aspects of this
work.  It's not clear how exposing vehicle information through
WebSockets will work in a secure way.  Will connections to parts of
the car be exposed to the Internet?  If not, how will access be
limited to allowed clients?  How will integration with the DNS-based
CA system and with the same origin policy be handled?  The proposals
to use fixed hostnames don't appear workable, since they don't
establish unique identities for which certificates can be issued.
Similarly, it's not clear how the V2X server described verifies that
the connection it receives is from a vehicle with the VIN that the
client claims to have.  Security is critical, as security
vulnerabilities in systems within cars have already led to serious
safety problems; see http://www.autosec.org/publications.html .

It seems that privacy needs to be a core aspect of this working
group, given the level of private data involved in this space, and
given deeper consideration from the beginning than a note that the
working group will secure reviews from the Privacy Interest Group.

It's also not OK to use a new GTLD (as this proposes using wwwivi);
see https://tools.ietf.org/html/rfc6761 .

These concerns are apparent after only a brief review.  Given that,
we believe that the best path forward in this area is for the
community to take some time to consider security and privacy more
carefully, and come back later with a charter that reflects that
consideration.

-- 
π„ž   L. David Baron                         http://dbaron.org/   𝄂
𝄒   Mozilla                          https://www.mozilla.org/   𝄂
             Before I built a wall I'd ask to know
             What I was walling in or walling out,
             And to whom I was like to give offense.
               - Robert Frost, Mending Wall (1914)


_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
