[192002] in North American Network Operators' Group
Re: IoT security, was Krebs on Security booted off Akamai network
daemon@ATHENA.MIT.EDU (John R. Levine)
Sun Oct 9 10:02:54 2016
X-Original-To: nanog@nanog.org
Date: 9 Oct 2016 10:02:50 -0400
From: "John R. Levine" <johnl@iecc.com>
To: "Florian Weimer" <fw@deneb.enyo.de>
In-Reply-To: <87r37phiqn.fsf@mid.deneb.enyo.de>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Sun, 9 Oct 2016, Florian Weimer wrote:
> If we want to make consumers to make informed decisions, they need to
> learn how things work up to a certain level. And then current
> technology already works.
I think it's fair to say that security through consumer education has been
a failure every time anyone has tried it. Why do you think this would be
any different?
> There is little interest in this, however. There's a comparable
> business case for providing managed PCs to consumers, and I'm not sure
> if any such companies are still left.
There's at least two large ones: Microsoft and Apple. Try installing
Windows 10 without letting Microsoft update and reconfigure the software
any time they want, any way they want.
Expecting consumers to evaluate the security behavior of their lightbulbs
and their refrigerator is absurd. We need to figure out how to have the
devices and routers configure themselves so the devices can do what they
need to do without doing what we really don't want them to do.
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
