[{"author": "Jim Fenton", "text": "
Appropriate that Meetecho says \"dance PLAYING\"
", "time": "2022-11-10T15:31:15Z"}, {"author": "Lorenzo Miniero", "text": ":)
", "time": "2022-11-10T15:31:25Z"}, {"author": "Ira McDonald", "text": "DANCE Arch draft is marked Informational currently
", "time": "2022-11-10T15:49:02Z"}, {"author": "Michael Richardson", "text": "Ben's point is well taken, but OTH, call-home-with-private-PKI is actually just as bad :-)
", "time": "2022-11-10T15:54:12Z"}, {"author": "Brendan Moran", "text": "+1 to Ben
", "time": "2022-11-10T15:54:46Z"}, {"author": "Brendan Moran", "text": "But that said, failure of IoT devices due to out-of-business companies is a massive problem that is not as simple as just an authentication system.
", "time": "2022-11-10T15:55:43Z"}, {"author": "Shumon Huque", "text": "On implementations, AFNIC has one, that I suspect Sandoche may mention that when he speaks.
", "time": "2022-11-10T15:56:09Z"}, {"author": "Benjamin Schwartz", "text": "@Brendan I think there is an argument that \"mutual authentication\" (not just the client side) is the key prerequisite for solving that problem. If the device can authenticate to my replacement service, _and_ I can replace the device's trust anchor so it accepts my replacement service, then I can rewrite the firmware, etc.
", "time": "2022-11-10T15:58:09Z"}, {"author": "Brendan Moran", "text": "@Benjamin Schwartz I think we both agree on this, but are approaching it from opposite ends. My thought was \"If I replace the device firmware, I can fix the authentication problem.\"
", "time": "2022-11-10T15:59:33Z"}, {"author": "Jabber", "text": "mcr: @Brendan, I still prefer Dan Geer's 2014 manifesto for out-of-business IoT.
", "time": "2022-11-10T15:59:56Z"}, {"author": "Olle Johansson", "text": "https://www.rfc-editor.org/rfc/rfc6920
", "time": "2022-11-10T16:01:00Z"}, {"author": "Brendan Moran", "text": "@mcr, I'll have to read it, but the synopsis sounds good.
", "time": "2022-11-10T16:02:22Z"}, {"author": "Jabber", "text": "mcr: https://www.darkreading.com/vulnerabilities-threats/dan-geer-touts-liability-policies-for-software-vulnerabilities and https://duo.com/blog/black-hat-2014-keynote-cybersecurity-as-realpolitik and https://www.blackhat.com/us-14/speakers/Dan-Geer.html I can't find the actual video.
", "time": "2022-11-10T16:07:07Z"}, {"author": "Jabber", "text": "mcr: https://www.youtube.com/watch?v=nT-TGvYOBpI&t=8s
\n", "time": "2022-11-10T16:07:43Z"}, {"author": "Jim Fenton", "text": "What is name of this speaker?
", "time": "2022-11-10T16:10:00Z"}, {"author": "Shumon Huque", "text": "Sandoche Balakrishnan
", "time": "2022-11-10T16:10:42Z"}, {"author": "Jim Fenton", "text": "thx
", "time": "2022-11-10T16:11:24Z"}, {"author": "Shumon Huque", "text": "Spelling correction :) \"Sandoche Balakrichenan\"
", "time": "2022-11-10T16:12:53Z"}, {"author": "Shumon Huque", "text": "I'm glad to see a new application using the TLS DNSSEC Chain extension!
", "time": "2022-11-10T16:17:35Z"}, {"author": "Olle Johansson", "text": "Happy Dancing!
", "time": "2022-11-10T16:30:32Z"}]