On Dec 1, 2017, at 12:03, Robert Kisteleki <robert@ripe.net> wrote:
On 2017-11-30 17:31, Alex Smirnoff wrote:
Ok, I see four basic requirements here: 1) IoT device should receive regular security updates 2) security status of the device should be manageable (get patchlevel, update OTA) for every active device 3) updates should be digitally signed (unless user is allowed to bypass this restriction under certain conditions) 4) the "non IoT" counterpart of the infrastructure, whatever it be, including development and release process, should be reasonably protected.
Did I miss anything?
I think it's useful to point to related work in the IETF circles (e.g. https://tools.ietf.org/html/draft-moore-iot-security-bcp-01) that has a much broader set of requirements with good explanations.
Good point. Of course we can try to do some kind of the same job. May be we will find something new but more possible we will just repeat the same. So what are aims of this wg? May be we will not repeat but collect what was done till now and look what can be done on this basis?
Cheers, Robert
_______________________________________________ iot-wg mailing list iot-wg@ripe.net https://lists.ripe.net/mailman/listinfo/iot-wg
-- Best regards Taras Heichenko tasic@hostmaster.ua