Ok, I see four basic requirements here: 1) IoT device should receive regular security updates 2) security status of the device should be manageable (get patchlevel, update OTA) for every active device 3) updates should be digitally signed (unless user is allowed to bypass this restriction under certain conditions) 4) the "non IoT" counterpart of the infrastructure, whatever it be, including development and release process, should be reasonably protected. Did I miss anything? On Thu, Nov 30, 2017 at 01:21:43PM +0000, Jim Reid wrote:
On 29 Nov 2017, at 20:46, Taras Heichenko <tasic@hostmaster.ua> wrote:
On Nov 29, 2017, at 22:23, Alex Smirnoff <ark@eltex.net> wrote:
Count me in, though I have just a single idea: make sure updates are available in a timely manner.
Besides availability of updates there also should be easy and clear way to update any device.
OK Taras and Alex - thanks. Would you like to develop your ideas further? Perhaps this could be worked up and then turned into a RIPE document by the WG?