Hi Peter, I think I am in the “other security faux pas” area :) Knowing a device is already compromised or a very likely candidate to be compromised can have a number of implications ranging from compromised privacy for the users of the device or the users/devices behind the device to potential serious damage to others, including elements of the Internet infrastructure. Whereas of course parts of Eliot’s points can expand into things like encryption of transport and data storage and the ability for devices to generate or collect data in the first place. What you end up with in the end is something that is deemed “unsafe” from a consumers point of view. With the likelihood of the provider being more knowledgeable about what is safe/unsafe than the average user, would you whether ex-post or ex-ante be able to willing to take measures to protect that customer from (self inflicted) harm and what could be the extend to of these measures? As a more Internet related example, many ISPs by default block outbound mail connections to other than their own outgoing mail servers. I also know a number who still have basic filters on SQL ports to curtail things like slammer or direct connections to poorly maintained databases. Could or would you extend this to the broader landscape of IoT? Groet, MarcoH
On 10 Apr 2017, at 13:48, Peter Koch <pk@DENIC.DE> wrote:
Gents,
I read two different issues, where Eliot mentioned "invasions of privacy" where Marco points to the "solution du jour" of ex-ante regulation of access of devices. Both topics are, in the end, connected, but also have different sets of stakeholders involved. If the two of you could elaborate a bit further, please ...
-Peter
_______________________________________________ iot-discussion mailing list iot-discussion@ripe.net https://lists.ripe.net/mailman/listinfo/iot-discussion