On 7/21/16 3:48 PM, Michael StJohns wrote:
> Without unique source identification (and for that matter role
> identification either inband or implicit) any compromised device
> results in your attacker being able to act as a controller for the
> group. Again, not a large problem (but a problem nonetheless) for a
> small group of lights inside an office behind locked doors. But a very
> large problem for a system that's possibly controlling 100 or 1000
> lights in a group.

+1, and I'm not even sure if it's not a problem for a small group of lights behind locked doors if wireless is involved.

> As I said at the microphone, if I thought you could just do this as
> the "ACE protocol for group control of lights" and keep people from
> using it for other things I'd be a lot less concerned (but still
> there's the whole threat of turning off all the lights in a building
> all at once). But the reality is this protocol will be used for
> control of things beyond lights and it would be irresponsible to
> standardize a protocol with a real possibility for direct real-world
> negative impacts on safety and health.

Yes, but I would go further and say that network owners ask two questions:

1. What is this Thing?
2. And what access does it require/not want?

Absent device identity they cannot answer the 2nd question. This is as important for lighting as for any other application, because it is how a network will distinguish what those applications are.

> The way to solve this for a general involves public key cryptography -
> that's just how the security and physics and math work out.

Yes. And as I believe has also been discussed, use of PSK seems to cause us to muddle the authentication and authorization aspects of OAUTH, for instance.

Eliot
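The source-identification point argued in this thread, as an added example that is not part of the original messages or of any ACE draft: with a group-wide PSK a receiving light can only establish that some key holder produced a message, while with a signature the lights hold verification material only. A Lamport one-time hash signature stands in for a real public-key scheme so the code needs only the Python standard library; the sender name, commands and key sizes are constructed for illustration.

```python
import hashlib
import hmac
import os

def H(data):
    return hashlib.sha256(data).digest()

# --- Group PSK: controller and every light hold the same key ---
def group_tag(group_key, sender, command):
    return hmac.new(group_key, f"{sender}|{command}".encode(), hashlib.sha256).digest()

def light_accepts_psk(group_key, sender, command, tag):
    # The tag proves "some key holder sent this", never which one.
    ok = hmac.compare_digest(group_tag(group_key, sender, command), tag)
    return ok and sender == "controller"

# --- Public key stand-in: Lamport one-time signature (one message per key pair) ---
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def lamport_verify(pk, msg, sig):
    bits = digest_bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def demo():
    group_key = os.urandom(32)
    # Tag computed with a light's copy of the key, naming the controller as sender.
    member_tag = group_tag(group_key, "controller", "all-off")
    psk_accepts = light_accepts_psk(group_key, "controller", "all-off", member_tag)

    sk, pk = lamport_keygen()  # sk stays on the controller; lights store pk only
    sig = lamport_sign(sk, b"controller|all-off")
    genuine = lamport_verify(pk, b"controller|all-off", sig)
    # Verification material (pk plus an observed signature) does not validate another command.
    other = lamport_verify(pk, b"controller|all-on", sig)
    return psk_accepts, genuine, other

if __name__ == "__main__":
    print(demo())
```

A deployment would use a standard many-time signature scheme and per-device keys; the one-time scheme here only makes the asymmetry between signing and verifying visible.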
