[192352] in North American Network Operators' Group


Re: Spitballing IoT Security

daemon@ATHENA.MIT.EDU (Mel Beckman)
Wed Oct 26 15:56:43 2016

X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: "esr@thyrsus.com" <esr@thyrsus.com>
Date: Wed, 26 Oct 2016 19:56:34 +0000
In-Reply-To: <20161026194040.GA16649@thyrsus.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>, Rich Kulawiec <rsk@gsp.org>
Errors-To: nanog-bounces@nanog.org

Why does everyone think the Master Plan for World Domination has to be Evil? :)

 -mel beckman

> On Oct 26, 2016, at 12:40 PM, Eric S. Raymond <esr@thyrsus.com> wrote:
>
> Mel Beckman <mel@beckman.org>:
>> I also really like the idea of offering open source options to vendors, many of whom seem to illegally take that privilege anyway. A key fast-path component, though, is in my opinion a new RFC for IoT security best practices, and probably some revisions to UPNP.
>>
>> The IoT RFC would spell out basic rules for safe devices: no back doors, no default passwords, no gratuitous inbound connections, etc. It would also make encryption a requirement, and limit how existing UPNP is deployed to prevent unnecessarily exposing vulnerable TCP/UDP ports to the wild. With this RFC in hand, and an appropriate splashy icon for vendor packaging (“RFC 9999 ThingSafe!”), vendors will have a competitive reason for compliance as a market differentiator, whether they deploy with open-source or proprietary code.
>
> That is a good idea and I am officially adopting it as part of the Evil
> Master Plan for World Domination. :-)
>
> I may recruit you to help draft the RFC.
> -- 
>        <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
