Sept. 21, 2018
5:20 p.m.
On 21/09/2018 18:02, Michael StJohns wrote:
I wish people would stop repeating this stupid canard. It's almost as stupid as "IOT devices need less security".
I should clarify. It's *technically* a problem with a solution, as you've outlined. Getting such a solution *commercially deployed* in low cost CPE seems somewhat harder.
But guidance to the CPE vendors that they need to provide firmware updates for at least N years after manufacture and that those firmware updates may include new root public keys seems like a good document to write.
I don't think IETF guidance alone will suffice. It may require legislative mandate. Ray