On 11/4/16, 8:11 AM, "homenet on behalf of JORDI PALET MARTINEZ"
<homenet-boun...@ietf.org on behalf of jordi.pa...@consulintel.es> wrote:
>I guess the problem is that this document is NOT targeted to CPEs:
>
> In principle these requirements apply to all hosts that connect to
> the Internet, but this list of requirements is specifically
> targeted at devices that are constrained in their capabilities,
> more than general-purpose programmable hosts (PCs, servers,
> laptops, tablets, etc.), routers, middleboxes, etc. While this is
> a fuzzy boundary, it reflects the current understanding of IoT. A
> more detailed treatment of some of the constraints of IoT devices
> can be found in [RFC7228].
>
>Not sure if we want a separate document, as it seems to me that the
>requirements are very close or we may need to reword a bit the text above to
>make it more clear, etc.
We already have a separate document: https://tools.ietf.org/html/rfc7084 "IPv6
CE Router Requirements"
It says CPE router SHOULD support 6rd and SHOULD support DS-Lite.
Lee
>
>Also is BCP the way if we want authorities to mandate it?
>
>Saludos,
>Jordi
>
>
>-----Mensaje original-----
>De: homenet <homenet-boun...@ietf.org> en nombre de Tim Chown
><tim.ch...@jisc.ac.uk>
>Responder a: <tim.ch...@jisc.ac.uk>
>Fecha: viernes, 4 de noviembre de 2016, 12:43
>Para: "homenet@ietf.org" <homenet@ietf.org>
>CC: "hannes.tschofe...@gmx.net" <hannes.tschofe...@gmx.net>, Keith Moore
><mo...@network-heretics.com>, "rbar...@mozilla.com" <rbar...@mozilla.com>
>Asunto: Re: [homenet] write up of time without clocks
>
>
>
>
> Hi,
>
>
> On 4 Nov 2016, at 08:34, JORDI PALET MARTINEZ <jordi.pa...@consulintel.es>
> wrote:
>
> Exactly. Same as we have regulations like UL, FCC, EC, etc., the same
> certifications must care about a minimum set of security, upgradeability,
> etc., features.
>
> So the extra cost for the vendors is almost cero if we are talking about
> the same certifications entities, just new test added to the actual sets.
>
> If you don’t comply the certification, your products will not be accepted
> in customs from a very high number of countries, so you will be somehow
> forced to follow them.
>
> The question here, is homenet the right venue for creating those minimum
> requirements?
>
>
>
>
>
>
> Perhaps contribute to draft-moore-iot-security-bcp-00?
>
>
> See https://tools.ietf.org/html/draft-moore-iot-security-bcp-00
>
>
> This was submitted at the Seoul deadline. Authors copied.
>
>
> Tim
>
>
>
> Regards,
> Jordi
>
>
> -----Mensaje original-----
> De: homenet <homenet-boun...@ietf.org> en nombre de "STARK, BARBARA H"
> <bs7...@att.com>
> Responder a: <bs7...@att.com>
> Fecha: jueves, 3 de noviembre de 2016, 21:19
> Para: Markus Stenberg <markus.stenb...@iki.fi>, Brian E Carpenter
> <brian.e.carpen...@gmail.com>
> CC: Philip Homburg <pch-homene...@u-1.phicoh.com>, "homenet@ietf.org"
> <homenet@ietf.org>, Juliusz Chroboczek
> <j...@pps.univ-paris-diderot.fr>
> Asunto: Re: [homenet] write up of time without clocks
>
>
> Yes, I agree it's possible to do better, but what's the incentive for
> a bottom-feeding vendor of cheap devices to bother?
>
>
>
> I hate to say this, but how about legal solutions?
>
>
>
> My reading of the tea leaves: either the industry creates its own
> certification plan, or the regulators will do it for us.
> Here is a data point:
>
> https://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/
> In the US, both the FCC and FTC are showing keen interest.
> I'd rather the industry get there first.
> And, BTW, it's also been suggested that devices list their "end of
> life" date when they're sold. After which no updates may be provided. And
> remotely-triggered "kill switch" may be used if a bad vulnerability is
> discovered after that date.
>
> Another recommendation is default passwords be unique per device, and
> not easily determined from MAC address, firmware revision, etc., and be
> changeable.
>
> That is, it's not just about upgradability. It is also passwords,
> encryption, and messaging/promises/guarantees that are made.
> Just like cars now have seatbelts, front and side airbags, crumple
> zones, and lemon laws.
> There are a number of industry whitepapers coming out on this topic,
> and conferences/meetings being held. It's all the rage right now.
>
>
> Barbara
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
>
>
>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.consulintel.es
> The IPv6 Company
>
> This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the use of the
> individual(s) named above. If you are not the intended recipient be aware
> that any disclosure, copying, distribution or
> use of the contents of this information, including attached files, is
> prohibited.
>
>
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
>
>
>
>
>
>
>
>
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
>
>
>
>
>**********************************************
>IPv4 is over
>Are you ready for the new Internet ?
>http://www.consulintel.es
>The IPv6 Company
>
>This electronic message contains information which may be privileged or
>confidential. The information is intended to be for the use of the
>individual(s) named above. If you are not the intended recipient be aware that
>any disclosure, copying, distribution or use of the contents of this
>information, including attached files, is prohibited.
>
>
>
>_______________________________________________
>homenet mailing list
>homenet@ietf.org
>https://www.ietf.org/mailman/listinfo/homenet
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet