I'm not going to respond in detail, but I think that this quote cuts to the nub.

On Thu, Nov 24, 2016 at 10:09 PM,  <drk...@gmail.com> wrote:
> [W3C Auto] A number of Automotive Manufacturers and Tier 1 suppliers have 
> contributed to the ideas in the specification which focusses on exposing 
> vehicle signals and data to clients in a controlled and secure manner. W3C 
> Automotive Group members have a very good understanding of vehicle 
> architectures and signals and this expertise is being supplemented by 
> security specialists within the Group, but the Group is open to contributions 
> on how security best practice can best be incorporated and/or referenced from 
> the spec. [W3C Auto]

It's clear that there is sufficient interest in pursuing this work.
That's not in question.  The concern is with the level of maturity of
the security story.  My hope is that deferring the formation of the
working group will give those involved time to gain or enlist the
necessary security expertise to do this work.  As it stands, there
isn't a strong enough demonstration that the security architecture has
been developed to enough depth for formal standards development.

A system like this needs a security architecture that has an in-depth
authentication and authorization story, doubly for anything connecting
to a CAN bus.  Some due consideration to privacy aspects wouldn't hurt
either.

For example, your response talks about security authorities, but
provides no details on how those are established, what systems are put
in place to ensure that those actors are accountable and trustworthy.
You mention both certificates and shared symmetric keys, but not the
systems for establishing proof-of-possession, and - for symmetric keys
- how those keys are agreed.  The details of the identities that are
asserted in such a system are critical in assessing a system, but
there isn't enough detail in the documents to reach any conclusions.

I have the same concerns about the protocol engineering aspects as
well, but the security aspects are what are of most concern.

> [W3C Auto] The W3C Automotive Working Group was established approx.
> two years ago and has published a First Public Working Draft of the
> Vehicle Signal Server Specification. [W3C Auto]

I would suggest that this was a mistake on the above grounds.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
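As an added illustration (not part of the original message, and not code from the W3C Automotive Group or its specification) of the kind of proof-of-possession detail the message asks for: a minimal challenge/response in which a client proves it holds a symmetric key. The asserted client identity is bound into the MAC, and each server nonce is consumed on first use, so a tag cannot be replayed or presented under a different identity. The client names, the domain-separation label and the keys are all constructed for the example; how the keys were provisioned or agreed is assumed to have happened out of band, which is exactly the gap the message points at.

```python
import hashlib
import hmac
import secrets

# Domain-separation label for this challenge/response (constructed value).
POP_LABEL = b"vss-pop-v1"


def pop_tag(key: bytes, client_id: str, nonce: bytes) -> bytes:
    """HMAC over label, asserted identity and server nonce.

    Binding client_id into the MAC means a tag computed for one identity
    cannot be presented as proof for another, even if both clients
    somehow held the same key.
    """
    msg = POP_LABEL + b"|" + client_id.encode("utf-8") + b"|" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class VehicleSignalServer:
    """Constructed stand-in for a signal server holding pre-provisioned
    per-client symmetric keys.  How those keys were agreed is deliberately
    not modelled here; the server simply has them."""

    def __init__(self, client_keys: dict[str, bytes]) -> None:
        self._keys = dict(client_keys)
        self._outstanding: dict[str, bytes] = {}  # client_id -> live nonce

    def issue_challenge(self, client_id: str) -> bytes:
        if client_id not in self._keys:
            raise KeyError(f"unknown client {client_id!r}")
        nonce = secrets.token_bytes(32)  # fresh per attempt, never reused
        self._outstanding[client_id] = nonce
        return nonce

    def verify_response(self, client_id: str, tag: bytes) -> bool:
        # The nonce is consumed on first use, so replaying an old tag fails.
        nonce = self._outstanding.pop(client_id, None)
        if nonce is None:
            return False
        expected = pop_tag(self._keys[client_id], client_id, nonce)
        return hmac.compare_digest(expected, tag)


class Client:
    """Constructed client that proves possession of its provisioned key."""

    def __init__(self, client_id: str, key: bytes) -> None:
        self.client_id = client_id
        self.key = key

    def answer(self, nonce: bytes) -> bytes:
        return pop_tag(self.key, self.client_id, nonce)


def run_demo() -> dict[str, bool]:
    """Exercise the honest path and three failure modes; returns outcomes."""
    key_a = secrets.token_bytes(32)
    key_b = secrets.token_bytes(32)
    server = VehicleSignalServer({"dashboard-app": key_a, "telematics-unit": key_b})
    honest = Client("dashboard-app", key_a)

    # 1. Honest client answers a fresh challenge.
    nonce = server.issue_challenge("dashboard-app")
    tag = honest.answer(nonce)
    honest_ok = server.verify_response("dashboard-app", tag)

    # 2. The same tag presented again: the nonce was already consumed.
    replay_ok = server.verify_response("dashboard-app", tag)

    # 3. A holder of key_a asserts the telematics-unit identity: wrong key
    #    for that identity, so the MAC does not verify.
    nonce = server.issue_challenge("telematics-unit")
    impostor = Client("telematics-unit", key_a)
    wrong_key_ok = server.verify_response("telematics-unit", impostor.answer(nonce))

    # 4. Right key, but the tag was computed over a different identity.
    nonce = server.issue_challenge("dashboard-app")
    mislabelled = pop_tag(key_a, "telematics-unit", nonce)
    wrong_identity_ok = server.verify_response("dashboard-app", mislabelled)

    return {
        "honest": honest_ok,
        "replay": replay_ok,
        "wrong_key": wrong_key_ok,
        "wrong_identity": wrong_identity_ok,
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name:15s} accepted={accepted}")
```

The point of the four cases is that a proof-of-possession story has to specify all three inputs the server checks: which key, which asserted identity, and which fresh challenge. Leaving any one of them out of the MAC (or reusing a nonce) turns the exchange into a bearer token, and a specification that only says "keys are shared" has not yet said which of these properties it provides.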