[Cryptography] Smart electricity meters can be dangerously insecure, warns expert

Stephen Farrell stephen.farrell at cs.tcd.ie
Thu Jan 5 06:53:49 EST 2017


Peter,

On 05/01/17 02:17, Peter Gutmann wrote:
> no-one who just cares about a straightforward secure
> pipe from A to B with a design spec with a 10-20 year lifetime that fits in
> with existing deployed devices.

That's a really unfair characterisation and there is
no way in which you can somehow know what all of the
hundreds of people who read or participate on the TLS
list actually care about.

Your criticism that TLS and HTTP evolution may be too
influenced by the web has some merit, but you destroy
your own argument by including the nonsense above.

There are cases when your exaggeration and hyperbole
work just fine but in the above (and in your recent
"it's all djb crypto" postings), you're IMO wandering
too far from describing reality, and in ways that could
be damaging (hence this mail).

There are non-trivial issues to consider in terms of the
device and network capabilities that are needed to make
use of TLS and what to do when one cannot (e.g. see the
ongoing group-key discussion in the IETF's ACE working
group). The way to influence the handling of those is
to participate (as you do Peter) and not to discourage
participation via the kind of silly slur quoted above.

S.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3840 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170105/b660063c/attachment.bin>


More information about the cryptography mailing list