W3C home > Mailing lists > Public > public-web-bluetooth-log@w3.org > August 2016

Re: [web-bluetooth] What is a secure Device Firmware Update Service?

From: Gordon Williams via GitHub <sysbot+gh@w3.org>
Date: Mon, 01 Aug 2016 10:06:00 +0000
To: public-web-bluetooth-log@w3.org
Message-ID: <issue_comment.created-236540931-1470045958-sysbot+gh@w3.org>
Just IMO, I feel like it's not such a big deal in cases where the user
 has to do something physical with the device to initiate flashing 
(eg. holding down a button while inserting the battery). Obviously if 
flashing can be initiated via Web Bluetooth it's a major security 
issue (but then it is on all platforms).

As someone doing an Open Source (hardware and software) product I'm 
stuck in a difficult position... To implement firmware update in a way
 that won't be blocked I've actually got to lock my users out of their
 own devices... They'll no longer be able to compile their own 
firmware, as I obviously can't share the private key.

Do you see any way around this?

GitHub Notification of comment by gfwilliams
Please view or discuss this issue at 
 using your GitHub account
Received on Monday, 1 August 2016 10:06:07 UTC

This archive was generated by hypermail 2.3.1 : Monday, 1 August 2016 10:06:08 UTC