LGTM

On Fri, Nov 4, 2016 at 5:22 PM, L. David Baron <dba...@dbaron.org> wrote:
> OK, here's a reformulation that takes a somewhat stronger position
> (mainly by checking the other box, and adding the paragraph at the
> end).
>
> -David
>
>
> [X] opposes this Charter and requests that this group not be
> created [Formal Objection] (your details below).
>
> We're concerned enough about the security and privacy aspects of
> this charter and the associated work that we believe this effort is
> not currently ready to begin development on the Recommendation
> track.
>
> We have a number of concerns about the security aspects of this
> work. It's not clear how exposing vehicle information through
> WebSockets will work in a secure way. Will connections to parts of
> the car be exposed to the Internet? If not, how will access be
> limited to allowed clients? How will integration with the DNS-based
> CA system and with the same origin policy be handled? The proposals
> to use fixed hostnames don't appear workable, since they don't
> establish unique identities for which certificates can be issued.
> Similarly, it's not clear how the V2X server described verifies that
> the connection it receives is from a vehicle with the VIN that the
> client claims to have. Security is critical, as security
> vulnerabilities in systems within cars have already led to serious
> safety problems; see http://www.autosec.org/publications.html .
>
> It seems that privacy needs to be a core aspect of this working
> group, given the level of private data involved in this space, and
> given deeper consideration from the beginning than a note that the
> working group will secure reviews from the Privacy Interest Group.
>
> It's also not OK to use a new GTLD (as this proposes using wwwivi);
> see https://tools.ietf.org/html/rfc6761 .
>
> These concerns are apparent after only a brief review. Given that,
> we believe that the best path forward in this area is for the
> community to take some time to consider security and privacy more
> carefully, and come back later with a charter that reflects that
> consideration.
>
> --
> 𝄞 L. David Baron http://dbaron.org/ 𝄂
> 𝄢 Mozilla https://www.mozilla.org/ 𝄂
> Before I built a wall I'd ask to know
> What I was walling in or walling out,
> And to whom I was like to give offense.
> - Robert Frost, Mending Wall (1914)