[iot-discussion] What role does the SP play in protecting consumers re IoT?

On 11 Apr 2017, at 22:37, Gordon Lennox wrote:

> A few years back Patrik Fältström and I wrote a little paper on what happened when I, sitting at home in Brussels, accessed his web-site in Sweden. With a little bit of thought you can imagine what we saw. The number of networks involved. The number of name servers involved. The number of content servers involved. Patrik was a bit surprised to see - to be reminded? - that one machine  was acting as both a name server and a content server? I am not sure if Patrik is on this list but I have copied him in. So if anyone wants the paper he can give a pointer on his site.

Yes, I am on this list, and the link to the paper is:

<https://stupid.domain.name/node/1720>

I think too many people do look at using regulation and what not to get this right. That might help but look at the issues wth the CE mark for electric gear. That is hard enough, and is something people KNOW they should look for, and is a REQUIREMENT all over the place. And we still have fake stuff.

I think we need in the case of IoT much more clearly:

A. Tools and software packages that are correct, that do the right thing, so that whoever want to do an internet connected toothbrush can do so by downloading the right software. There are very very few packages that everyone uses (OpenWRT, DNSMasq, Curl etc) and I am still waiting EU Commission and similar organisations put in serious money to have those packages, open source, do the right thing.

B. An agreement from manufacturers that their gear are to do the right thing. Like a gentlemans agreement. Will not help at all, but still a good thing. Enable and make it easy for companies to be signatories of things like MANRS. ISOC?

C. Make it much more clear in the various pan european legislations that an ISP do have the ability to cut off customers from which bad packets come from. Today ISPs should forward packets but also protect the network (handwaving, handwaving). I do not see ISPs be afraid of cutting customers off, and the main reason for not doing it has to do with increased support cost (why would an ISP invest money in helping a customer they already do not make money on configuring their toothbrush correctly?).

D. Public sector must buy only correct internet connected toothbrushes. To see public sector buy a single thing that do not do IPv6, that do not do DHCP correctly or what not should be punished in some way. Here is where the whip should be applied. Big time! And of course to whoever delivers an internet connected x-ray with open port 22. Full refund, replace the gear, and up to 4% of the turnaround in economical fees if not remediated quickly (i.e. in months).

But, as I see little to no interest in "correct Internet access" from for example the Commission, I do not understand how this (A+D) will be implemented.

   Patrik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: </ripe/mail/archives/iot-wg/attachments/20170412/0cbeb2b6/attachment.sig>