Hi Jim, On 15/10/14 13:49, Jim Gettys wrote: >> > > ​Since writable flash must be protected (and cheaply!), and > software/firmware still updated in such devices > one area may be to describe such mechanisms, along with the issues of key > management > best practices which are far from the minds of most vendors who have never > given thought to long lived network systems. > Without such guidance, we'll live in a sea of vulnerability. > > Looming larger is the observation that as an industry we don't think about > building systems and software with long life times; that goes well beyond > the IETF. Yes, a bunch of this is not really directly IETF stuff, but as you say there could be informational/bcp documents that'd be of value or maybe we'd find that the tools we already have (CMS, jose etc.) might not be quite right or could need some extensions/addons that'd help, or even that some new protocol might be needed. > > As to I-D's, I have to locate appropriate co-authors before I can commit to > anything. Sure. I hope some folks get in touch with you on that. S.