On Tuesday, September 06, 2016 04:40:30 pm Derek Atkins wrote: > Ben Laurie <b...@google.com> writes: > > An ARM is far too much hardware to throw at "read sensor/munge data/send > > data". > > > > The question is not "how much hardware?" but "price?" - with ARMs > > including h > > /w AES coming in at $2 for a single unit, its hard to explain why you\d want > > to use a less powerful CPU... > > Because this is a light bulb that sells for $6-10. Adding $2 to the price > is just completely unreasonable. The price point needs to be pennies. > Note that this is just one example, but yes, these level of products are > getting "smarter" and we, as security professionals, should encourage > "as strong security as possble" without getting the manufacturers to > just say "sorry, too expensive, I'll go without." (which is, > unfortunately, exactly what's been happening)
Personally, I'd just say "stop putting chips in light bulbs", instead. Companies making these things are unfortunately just not going to be making good security decisions. Bad or no security is cheaper than competent security, and selling light bulbs with bad security is not illegal. We'll be more successful focusing our effort on dealing with light bulb botnets than trying to get people to make secure "smart" light bulbs. There is no good solution on our end, and debating the price of chips for light bulbs is not a good way to make security decisions in TLS. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
