Mel Beckman <m...@beckman.org>:
> I also really like the idea of offering open source options to vendors, many
> of whom seem to illegally take that privilege anyway. A key fast-path
> component, though, is in my opinion a new RFC for IoT security best
> practices, and probably some revisions to UPNP.
>
> The IoT RFC would spell out basic rules for safe devices: no back doors, no
> default passwords, no gratuitous inbound connections, etc. It would also make
> encryption a requirement, and limit how existing UPNP is deployed to prevent
> unnecessarily exposing vulnerable TCP/UDP ports to the wild. With this RFC in
> hand, and an appropriate splashy icon for vendor packaging (“RFC 9999
> ThingSafe!”), vendors will have a competitive reason for compliance as a
> market differentiator, whether they deploy with open-source or proprietary
> code.
That is a good idea and I am officially adopting it as part of the Evil
Master Plan for World Domination. :-)
I may recruit you to help draft the RFC.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
