Re: "Secure Introduction of Internet-Connected Things" (was Re: [webappsec] Agenda for MONDAY Teleconference 2014-10-20, 12:00 PDT)

From: Chris Palmer <palmer@google.com>
Date: Tue, 21 Oct 2014 16:06:11 -0700
Message-ID: <CAOuvq23JHWNyAw6n24+ZrJirndxQ9+LH268bvS4MRtWbWAVrXA@mail.gmail.com>
To: Ángel González <angel@16bits.net>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

On Tue, Oct 21, 2014 at 3:57 PM, Ángel González <angel@16bits.net> wrote:

>> On the bright side, it’s very good that the machine generates a fresh
>> key every time you re-enable HTTPS: That means that the key is not
>> static, or identical on all the routers of the same make or model.

> That still doesn't mean there won't be duplicate keys. It is hard for a
> device to have good entropy after a reset. [1] Did you try resetting it
> a few times and comparing the generated keys?

I know. No, I did not check; I was only concerned that the key was not
hard-coded. Given the many problems with Linux' CRNG, especially but
not only on a device like that, I didn't bother checking any further.

>> if a device is only marketable if its price point is so low that it
>> cannot be secure, perhaps it should disable itself after some
>> reasonable life-time
>>
> -1
>
> Users will perceive it as planned obsolescence for business reasons, and
> I wouldn't be surprised if producers treated it like that, too.

Otherwise it's planned unsafety.

Perhaps vendors could open source their abandonware. Even then,
though, most fielded devices would still be unsafe.
Received on Tuesday, 21 October 2014 23:06:38 UTC