[Cryptography] Fwd: OPENSSL FREAK
Bill Frantz
frantz at pwpconsult.com
Tue Apr 7 20:46:39 EDT 2015
On 4/7/15 at 3:50 PM, dan at geer.org wrote:
>Perhaps what is needed is a way to reach out and upgrade the endpoints
>when the time of necessity comes. But today, or real soon now,
>most of the places needing a remote management interface through
>which you can remotely upgrade the endpoints are embedded hardware.
>So let me ask a question, should or should not an embedded system
>be required to have a remote management interface?
There are a number of fairly inexpensive microprocessor chips
which can implement remote management.
The ATmega48 series processors used in the Arduino have writable
flash memory for their programs. They are available in quantity
one at between $3.00 and $5.00, with more capable ones going up
to $20.00 or so. These might make a nice Internet interface
device which talks to smaller embedded systems over local radio
links and protects them from the rest of the Internet.
However, in the drive to minimum cost, I expect that all these
niceties will go by the wayside and we'll have to go with a
throw them out approach. The resulting planned obsolescence may
appeal to the manufacturers, particularly if they can point to a
"best practices" or law that makes them do it, so a drop dead on
<date> may be adoptable.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | Security is like Government | Periwinkle
(408)356-8506 | services. The market doesn't | 16345
Englewood Ave
www.pwpconsult.com | want to pay for them. | Los Gatos,
CA 95032
More information about the cryptography
mailing list