Would make more sense with the right link... sorry... https://tools.ietf.org/id/draft-hallambaker-securecode-00.txt On Thu, Oct 16, 2014 at 3:50 PM, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote: > I started to draft out my ideas under the impression that the cut off > date is tomorrow when there is a bit more time. > > This is a starting point for a draft: > > https://tools.ietf.org/html/draft-hallambaker-sxs-confirm-00 > > > My home configuration has already exceeded the complexity of a typical > university department in the 1990s and it is far from comprehensive. > Less than a quarter of the light switches are under IP control. Such > organizations found software management and distribution > infrastructures essential so it is a good bet that the home will. > > It will always be necessary to support the approach where the user > relies on a cloud service provided by the vendor. But it should also > be possible to bind a device to a local or personal 'hub' so that it > receives all its directions from that source. Including when to accept > updates, which updates to accept, etc. etc. > > > While the vulnerability concern is limited to 'software' (anything > from HTML to firmware), the line between software and configuration is > blurred. Especially when many vulnerabilities are configuration > settings. So configuration is also part of the issue here.