On 4/12/17 6:00 AM, Patrik Fältström wrote:
I think too many people do look at using regulation and what not to get this right. That might help but look at the issues wth the CE mark for electric gear. That is hard enough, and is something people KNOW they should look for, and is a REQUIREMENT all over the place. And we still have fake stuff.
The first thing people counterfeit is the CE mark...
I think we need in the case of IoT much more clearly:
A. Tools and software packages that are correct, that do the right thing, so that whoever want to do an internet connected toothbrush can do so by downloading the right software. There are very very few packages that everyone uses (OpenWRT, DNSMasq, Curl etc) and I am still waiting EU Commission and similar organisations put in serious money to have those packages, open source, do the right thing.
B. An agreement from manufacturers that their gear are to do the right thing. Like a gentlemans agreement. Will not help at all, but still a good thing. Enable and make it easy for companies to be signatories of things like MANRS. ISOC?
I think we could do this. I think it would be a good idea. But it cannot be onerous to manufacturers, onerous being, of course, in the eye of the beholder. To me that means, by the way, using only the code you need, maintaining it through updates, advertising the support lifetime of the device, providing for secure onboarding, and explaining how the device is supposed to behave on the network.
C. Make it much more clear in the various pan european legislations that an ISP do have the ability to cut off customers from which bad packets come from. Today ISPs should forward packets but also protect the network (handwaving, handwaving). I do not see ISPs be afraid of cutting customers off, and the main reason for not doing it has to do with increased support cost (why would an ISP invest money in helping a customer they already do not make money on configuring their toothbrush correctly?).
That's why I asked my first question as I did: what can ISPs do to facilitate the RIGHT thing happening? Cutting people off is the most extreme form of answer. Surely there is more that can be done before that point. Eliot