[Cryptography] Fwd: OPENSSL FREAK
Tom Mitchell
mitch at niftyegg.com
Mon Apr 6 22:17:56 EDT 2015
On Mon, Apr 6, 2015 at 3:08 PM, Ray Dillinger <bear at sonic.net> wrote:
>
> On 04/06/2015 11:55 AM, Bill Frantz wrote:
>
> > I think there may be useful application areas where there are good
> > answers to these questions. The IoT seems a likely place. However, I
> > still think the option of regular software upgrades is probably a better
> > option for most uses.
>
> Yes, the Internet of Things as it's being called is scary as hell
> because you know that software will not be updated in any organized
> way - especially when the company that sold the "thing" is out of
> business or loses a patent lawsuit or something.
>
This is important.
It opens the door to: what if my thing cannot be updated?
It opens the next door to: what if I do not know my thing needs an update?
It opens another door to: what does an update cost?
I think there is a strong need for better firewalls and better home routers.
As much as I like the electronics of my current home devices the management
tools and firewall abilities are seriously lacking.
My latest laptop purchase ended up with some badware because I needed some
tool to install a compiler and other package that I wanted on it.
This illuminates two gaps... a) protect and isolate. b) sufficiently rich
vendor based
distributions to not need basic tools.
Firewalls could channel IOT devices to a VPN or other crypto based service.
OS vendors could champion crypto based software signature and package
services.
If nothing else tracking the bits back to the bad boys would be easy
(easier).
OS vendors could build high crypto quality hash based assurance
file and attribute based system services into their system design.
The secure bootstrap tools we are seeing now could help or hinder
competition...
Their ability to protect is untested... or unclear.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150406/0f784dfa/attachment.html>
More information about the cryptography
mailing list