ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Getting on with Things

2016-03-09 13:38:21
from [Carsten Bormann] [Permanent Link] 
Michael Richardson wrote:

I imagine the manufacturer initially says:
    Device FOO with Version BAR is believed to be safe on open
    Internet at date BAZ.


I'd like to have the legal department that lets that statement pass...


then they say:
    Device FOO with Version BAR is known to be unsafe on open
    Internet as of date BAZ, but is safe with ports X,Y,Z blocked.


More likely.  But the device knows nothing about that.

The device does know what software runs on it.
Making that information available in the constrained space in such a way
that security automation can act on it is one of our immediate objectives.
(I'll probably talk briefly about this in next week's T2TRG meeting, in
the context of managing "unmanaged" networks.  With luck, we'll have a
draft for Buenos Aires.)

Grüße, Carsten
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Getting on with Things, Michael Richardson
Next by Date:  Re: Getting on with Things, Medel Ramirez
Previous by Thread:  Re: Getting on with Things, Michael Richardson
Next by Thread:  RE: Observations on (non-technical) changes affecting IETF operations, Dave Cridland
Indexes:  [Date] [Thread] [Top] [All Lists]