[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)

Ron Garret ron at flownet.com
Thu Nov 19 03:32:58 EST 2015


On Nov 18, 2015, at 12:13 PM, Ray Dillinger <bear at sonic.net> wrote:

> On 11/18/2015 12:12 AM, Ron Garret wrote:
> 
>>> All of these IoT devices need dead-man switches to assure that
>>> their software does in fact get updated occasionally as the
>>> security issues get worked out.
>> 
>> You can’t be serious.  Forcing people to update their software on pain of having their devices stop working basically puts the ultimate power in the hands of the device vendors.
> 
> Which is different from blindly trusting them in the
> first place when you buy the brand-new target you're
> painting on your chest, how?

Because when I buy, I at least have the option of *trying* to ascertain exactly what it is that I’m buying and choosing not to buy if I don’t like what I find.  Forced update robs me of that option.

> I *know* expiry a bad idea - I'm mooting it mainly
> because people are talking about auto-updates and there
> is ABSOLUTELY NO OTHER WAY you're ever going to get auto-
> updates in place.

Auto update and forced update are not the same thing.  I’m all for auto-update as an option, maybe even the default option.  But I think it is crucial to retain the ability to opt out without bricking your device. That’s the only leverage consumers have against vendor abuse after purchase because, as you yourself presciently observe:

> no vendor is accepting legal and
> financial liability for the long-term security of their
> devices.

[snip]

> If you're serious about updating IoT devices, then
> devices that are not getting updates must somehow call
> attention to themselves

Yes, of course.  But ceasing to operate altogether is a rather heavy-handed way of delivering a notification.

> IMO, the Internet-of-Targets is a bad idea in the first place.

Amen to that.  (What *is* the matter with kids today?)

rg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151119/665a04d5/attachment.sig>


More information about the cryptography mailing list