[Cryptography] "push within the entire IT industry to, make everything "Web-centric"

Ron Garret ron at flownet.com
Wed Oct 20 15:41:40 EDT 2021 

On Oct 17, 2021, at 12:37 PM, Ray Dillinger <bear at sonic.net> wrote:

> 
> 
> On 10/6/21 8:35 PM, Robert Wilson via cryptography wrote:
>> 
>> For there to be a marketing advantage to a garage door opener
>> connecting to the internet somehow, it seems to me that the choice
>> between one that does and one that does not has to be visible to the
>> prospective purchaser. Adding it as just something this manufacturer's
>> opener has doesn't pull me toward buying that model/brand without
>> that. I was never offered such a choice, and was not even told in
>> advance that my new opener would have that feature so that I could say
>> "wait, what does that add to the cost".
>> 
>> Bob W.
> 
> 
> At the risk of asking a dumb question, do we suppose there might be a
> market for "privacy appliances" or "secure appliances" which are 'smart'
> insofar as onboard intelligence can make them, but guaranteed not to
> send or receive messages over any computer networks in any way under any
> circumstances?

That’s not a dumb question, but it is the wrong question.  Suppose there were such a market.  How would you enforce this guarantee?  For example:

> A tablet for reading books, can be used for .... reading books, full stop.

How are you going to get the books onto the tablet without connecting to the internet?  And if you allow it to connect to the internet, how are you going to ensure that all it does with that connection is download books?

It is the impossibility of enforcing such a guarantee that causes a market for such things not to exist.  Even if enough people wanted such a thing to make it economically viable, it would cost more to reliably distinguish the secure devices from the snake oil than to produce the secure devices.  And note that it is not enough to audit the devices when they are produced (though even that by itself would probably be a show-stopper).  You would have to monitor them *continuously* because zero-days are everywhere.  They can even be inserted stealthily into hardware nowadays.

rg

More information about the cryptography mailing list