W3C home > Mailing lists > Public > public-automotive@w3.org > September 2016

Re: [Minutes] Auto WG 2016-09-06

From: Song Li <ls@newskysecurity.com>
Date: Wed, 7 Sep 2016 07:06:27 -0700
Message-ID: <CAJmxCGBYWwzYKb_=L-4q-+nAfW-fz+7Qd+-Y5Y1mf1N4otc2=Q@mail.gmail.com>
To: T Guild <ted@w3.org>
Cc: public-automotive <public-automotive@w3.org>, Jeremiah Foster <jeremiah.foster@pelagicore.com>
Hi Ted,

Thanks for the article, very insightful and I'm glad that the most
important aspects of vehicle security are listed. Also thanks for
introducing Jeremiah, nice to e-meet you, Jeremiah.

Unfortunately I have another travel plan that's overlapping with the Ann
Arbor meeting, I'd love to provide my input remotely if that's possible,
or, as you said, continue the conversation during other meetings.


Regards

Song Li

Co-founder and CTO
NewSky Security <https://newskysecurity.com>


On Wed, Sep 7, 2016 at 5:45 AM, Ted Guild <ted@w3.org> wrote:

> On Tue, 2016-09-06 at 18:39 -0700, Song Li wrote:
> > I missed the security part of the discussion - I would suggest we
> > include certificate management in our security model. It should cover
> > (but not limited to):
> > How to create certificates
> > How to deploy certificates to in-vehicle servers
> > How developers authenticate the server via certificates
> > How to revoke and renew certificates
>
> Hi Song,
>
> I had given some thought on an app market eco-system that would go
> beyond what we're standardizing and started an article, never published
> and still drafty, that starts to touch on certs. You'll probably
> recognize some bits from a phone call we had some time ago.
>
> https://www.w3.org/2016/04/guidelines-article.html
>
> The purpose of the article is to give background to those not familiar
> with this space and to try to attract more experts to work on privacy
> and security guidelines. I am not seeing the level of cooperation yet
> among OEM/Tier 1s nor with 3rd party developers that would be necessary
> for such marketplaces.
>
> Certs, app package management, OS privilege management etc is elsewhere
> in the stack than web layer. With Genivi Security Expert Group being
> restarted and their interest in working with us we should explore these
> area which is why I added Jeremiah to the Cc.
>
> Steve Crumb had asked for someone from W3C to attend a "Standards
> Integration Workshop (End to End Security)" meeting in Ann Arbor on 5
> October. I will not be able to attend and have been unsuccessful so far
> in finding a W3C colleague to attend. It is too far for someone from
> Asia or Europe to go for a half day meeting. I believe our Chairs also
> expressed regrets. I should have thought to ask if you could go. If not
> I suspect there be some sort of report and opportunity during Genivi
> AMM to get swapped in and continue the conversation.
>
> --
> Ted Guild <ted@w3.org>
> W3C Systems Team
> http://www.w3.org
>
>
Received on Wednesday, 7 September 2016 14:06:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:06:00 UTC