W3C home > Mailing lists > Public > public-web-bluetooth-log@w3.org > August 2016

Re: [web-bluetooth] What is a secure Device Firmware Update Service?

From: Gordon Williams via GitHub <sysbot+gh@w3.org>
Date: Mon, 01 Aug 2016 10:06:00 +0000
To: public-web-bluetooth-log@w3.org
Message-ID: <issue_comment.created-236540931-1470045958-sysbot+gh@w3.org>
Just IMO, I feel like it's not such a big deal in cases where the user
 has to do something physical with the device to initiate flashing 
(eg. holding down a button while inserting the battery). Obviously if 
flashing can be initiated via Web Bluetooth it's a major security 
issue (but then it is on all platforms).

As someone doing an Open Source (hardware and software) product I'm 
stuck in a difficult position... To implement firmware update in a way
 that won't be blocked I've actually got to lock my users out of their
 own devices... They'll no longer be able to compile their own 
firmware, as I obviously can't share the private key.

Do you see any way around this?

-- 
GitHub Notification of comment by gfwilliams
Please view or discuss this issue at 
https://github.com/WebBluetoothCG/web-bluetooth/issues/258#issuecomment-236540931
 using your GitHub account
Received on Monday, 1 August 2016 10:06:07 UTC

This archive was generated by hypermail 2.3.1 : Monday, 1 August 2016 10:06:08 UTC