Adrian Farrel <adrian@xxxxxxxxxxxx> wrote:
>> I've floated an idea in draft-lear-mud-framework-00.txt which talks a
>> little about this. The idea is to learn what the Thing is and then
>> have its manufacturer communicate to a deployment how the thing is
>> intended to be used.
> This approach worries me. While the manufacturer might not object to
> this, the user and the system integrator should. The fact that a device
> was manufactured for foo should not stop it being used for bar.
I haven't read Eliot's document yet.
I imagine the manufacturer initially says:
Device FOO with Version BAR is believed to be safe on open
Internet at date BAZ.
then they say:
Device FOO with Version BAR is known to be unsafe on open
Internet as of date BAZ, but is safe with ports X,Y,Z blocked.
--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
-= IPv6 IoT consulting =-
Attachment:
signature.asc
Description: PGP signature