[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)

[Ron Garret]

On Nov 17, 2015, at 5:38 PM, Ray Dillinger <bear at sonic.net> wrote:

> On 11/17/2015 05:52 AM, Perry E. Metzger wrote:
> 
>> Fully automated patching seems like the only solution there (at least
>> by default unless you configure it not to), but given the price
>> pressures and the lack of consumer demand, it seems unlikely that the
>> average vendor will do that.
> 
> The real problem is that people want to build all this stuff
> without a self-destruct timer. Things that don't wear out, get
> folded into infrastructure and forgotten rather than becoming
> a routine part of infrastructure maintenance.
> 
> All of these IoT devices need dead-man switches to assure that
> their software does in fact get updated occasionally as the
> security issues get worked out.

You can’t be serious.  Forcing people to update their software on pain of having their devices stop working basically puts the ultimate power in the hands of the device vendors.  How do you know if the update they can now force you to adopt is really more secure than the version you are running now?  Maybe between when you bought the device and when they force-updated it they made a secret deal with the NSA to install a back door.  I don’t see how giving this power to the device vendor is any better than giving it to the government.  (And given the way society is progressing, these two things are becoming increasingly difficult to distinguish from one another.)

rg