Hi Dave, Might work for lightbulbs. Doesn't work for automotive sensors and ECUs, which already have proprietary security (undisclosed algorithms) and badly need to have standards-based security. Cents in cost really matter here. ARM CPUs are not and will not become the only answer in automotive.
Cheers, - Ira Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted Mobility Solutions WG Chair - Linux Foundation Open Printing WG Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG IETF Designated Expert - IPP & Printer MIB Blue Roof Music / High North Inc http://sites.google.com/site/blueroofmusic http://sites.google.com/site/highnorthinc mailto: blueroofmu...@gmail.com Jan-April: 579 Park Place Saline, MI 48176 734-944-0094 May-Dec: PO Box 221 Grand Marais, MI 49839 906-494-2434 On Tue, Sep 6, 2016 at 8:17 PM, Dave Garrett <davemgarr...@gmail.com> wrote: > On Tuesday, September 06, 2016 04:40:30 pm Derek Atkins wrote: > > Ben Laurie <b...@google.com> writes: > > > An ARM is far too much hardware to throw at "read sensor/munge > data/send > > > data". > > > > > > The question is not "how much hardware?" but "price?" - with ARMs > including h > > > /w AES coming in at $2 for a single unit, its hard to explain why > you\d want > > > to use a less powerful CPU... > > > > Because this is a light bulb that sells for $6-10. Adding $2 to the > price > > is just completely unreasonable. The price point needs to be pennies. > > Note that this is just one example, but yes, these level of products are > > getting "smarter" and we, as security professionals, should encourage > > "as strong security as possble" without getting the manufacturers to > > just say "sorry, too expensive, I'll go without." (which is, > > unfortunately, exactly what's been happening) > > Personally, I'd just say "stop putting chips in light bulbs", instead. > Companies making these things are unfortunately just not going to be making > good security decisions. Bad or no security is cheaper than competent > security, and selling light bulbs with bad security is not illegal. We'll > be more successful focusing our effort on dealing with light bulb botnets > than trying to get people to make secure "smart" light bulbs. There is no > good solution on our end, and debating the price of chips for light bulbs > is not a good way to make security decisions in TLS. > > > Dave > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
