On 20 Jan 2020, at 8:45, Eliot Lear (elear) wrote:
Hi Lars,
A fundamental question to ask is whether which IoT uses QUIC is
appropriate for and which ones it is not. For example, obscuring port
information on an industrial device – not to mention encrypting
communications – might actually cause more harm than good if the
result is an inability to audit industrial automation behavior. As
in: why did that signal turn green that caused two trains to collide?
It would be helpful to distinguish auditing from surveillance. It’s ok
for auditing to require the cooperation of the audited entities. That
cooperation could, for example, involve the controlled sharing of keys.
Eliot does raise a good point, in that auditing may be very hard if keys
and cypher suites with PFS are chosen.
Be careful what you wish for. You may not like the results.
Eliot
On 20 Jan 2020, at 09:24, Lars Eggert <[email protected]> wrote:
Signed PGP part
Hi,
I wrote up my experiences of getting QUIC to run on some IoT boards
for the NDSS DISS workshop. Feedback welcome!
Towards Securing the Internet of Things with QUIC. Lars Eggert. Proc.
NDSS Workshop on Decentralized IoT Systems and Security (DISS), San
Diego, CA, USA, February 23, 2020.
https://eggert.org/papers/2020-ndss-quic-iot.pdf
Would be happy to chat about this more, possibly in Vancouver?
Thanks,
Lars
_______________________________________________
T2TRG mailing list
[email protected]
https://www.irtf.org/mailman/listinfo/t2trg
DaveO
_______________________________________________
Lwip mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lwip
