OK, here's a reformulation that takes a somewhat stronger position (mainly by checking the other box, and adding the paragraph at the end).
-David

[X] opposes this Charter and requests that this group not be created [Formal Objection] (your details below).

We're concerned enough about the security and privacy aspects of this charter and the associated work that we believe this effort is not currently ready to begin development on the Recommendation track.

We have a number of concerns about the security aspects of this work. It's not clear how exposing vehicle information through WebSockets will work in a secure way. Will connections to parts of the car be exposed to the Internet? If not, how will access be limited to allowed clients? How will integration with the DNS-based CA system and with the same origin policy be handled? The proposals to use fixed hostnames don't appear workable, since they don't establish unique identities for which certificates can be issued. Similarly, it's not clear how the V2X server described verifies that the connection it receives is from a vehicle with the VIN that the client claims to have. Security is critical, as security vulnerabilities in systems within cars have already led to serious safety problems; see http://www.autosec.org/publications.html .

It seems that privacy needs to be a core aspect of this working group, given the level of private data involved in this space, and given deeper consideration from the beginning than a note that the working group will secure reviews from the Privacy Interest Group.

It's also not OK to use a new GTLD (as this proposes using wwwivi); see https://tools.ietf.org/html/rfc6761 .

These concerns are apparent after only a brief review. Given that, we believe that the best path forward in this area is for the community to take some time to consider security and privacy more carefully, and come back later with a charter that reflects that consideration.

--
L. David Baron    http://dbaron.org/
Mozilla    https://www.mozilla.org/
    Before I built a wall I'd ask to know
    What I was walling in or walling out,
    And to whom I was like to give offense.
      - Robert Frost, Mending Wall (1914)
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform