On 2012-03-28 11:58, Dmitry Anipko wrote:
> As someone who works for a host software vendor, I'd like to add couple of
> points. I agree with Mark that in general the security topic is wider than
> only filtering on the borders of the realms of the traffic destined to hosts,
> and I support the efforts to figure out the right set of knobs for the
> former. That said, for the latter, I'd like to see something along the below
> lines in the requirements
> (some of which may already be in the text in some form, putting it here just
> for fluency of this piece of the story).
>
> 1. Homenet hosts MUST implement their own security policies in accordance to
> their computing capabilities.
I think we know from some famous cases that SCADA systems are highly
insecure, mainly due to following this principle (translated as
"security is too hard and this device will always be on a private
network anyway"). I'm a bit nervous that this policy will encourage
low-end device designers to classify their devices as not having
enough resource to deal with security.
Brian
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
