[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)

Ray Dillinger bear at sonic.net
Wed Nov 18 15:13:36 EST 2015



On 11/18/2015 12:12 AM, Ron Garret wrote:

>> All of these IoT devices need dead-man switches to assure that
>> their software does in fact get updated occasionally as the
>> security issues get worked out.
> 
> You can’t be serious.  Forcing people to update their software on pain of having their devices stop working basically puts the ultimate power in the hands of the device vendors.  

Which is different from blindly trusting them in the
first place when you buy the brand-new target you're
painting on your chest, how?

I *know* expiry is a bad idea - I'm mooting it mainly
because people are talking about auto-updates and there
is ABSOLUTELY NO OTHER WAY you're ever going to get auto-
updates in place. Therefore that idea is just as bad as
this one because it ENTAILS this one.  In fact expiry is
probably a less-bad idea, from the consumer POV, than
buying IoT devices in the first place.

There are no Internet-of-Targets devices in my home,
specifically because no vendor is accepting legal and
financial liability for the long-term security of their
devices.

No Trust = No Sale.

But that's me.  Most consumers are following them like
sheep to the slaughter.

Homer Husband and Harriet Housewife do not understand the
need for software updates and WILL NOT GET THEM.  They
didn't buy a computer, they bought a frikkin water heater.
NOT hooking it up to the Internet where the stupid auto-
update idea could work, is probably the best security
they are likely to get.  But even that won't work if some
yahoo can exploit it via its even-stupider-to-have-
installed wireless interface.

The fact that if they don't patch a vulnerability someone
can now use their water heater to plant viruses on their
computer is nonsensical to them.  They not only have no
idea why these systems should be related, odds are that
they have no idea THAT these systems are related.  They
will ignore everything that it is possible to ignore.  The
*only* way to get their attention on the fact that updates
are needed, is with an expiry.

If you're serious about updating IoT devices, then
devices that are not getting updates must somehow call
attention to themselves ("Huh?  Our water heater can send
us messages?!")  And then educate them, at least a little
bit, about what they have to do ("Our water heater says
it's going to stop working next month if we don't get
this little dime-size thingie attached to the thermostat
replaced with a new one.  I guess the hardware store has
those?")

IMO, the Internet-of-Targets is a bad idea in the first
place.  There is NO way my thermostat or my refrigerator
has any business talking to the Internet or listening to
the Internet.  If I want or need adaptive learning software
to set the optimum temperatures, save electricity, or
remind me I need to buy cheese, I'm happy to run that
software locally on a machine that has absolutely no
bridge to the Internet-at-large and absolutely no
relationship with any particular vendor of cheese.


				Bear
