From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mcr@sandelman.ca>
Received: from relay.sandelman.ca (relay.cooperix.net
 [IPv6:2a01:7e00::f03c:91ff:feae:de77])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by lists.bufferbloat.net (Postfix) with ESMTPS id F0BA13BA8E
 for <cerowrt-devel@lists.bufferbloat.net>;
 Wed, 28 Nov 2018 04:17:51 -0500 (EST)
Received: from dooku.sandelman.ca (ipv6.dooku.sandelman.ca
 [IPv6:2607:f0b0:f:6::1])
 by relay.sandelman.ca (Postfix) with ESMTPS id 23A741F8BC;
 Wed, 28 Nov 2018 09:17:51 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179)
 id B0797150E; Wed, 28 Nov 2018 04:17:16 -0500 (EST)
From: Michael Richardson <mcr@sandelman.ca>
To: Mikael Abrahamsson <swmike@swm.pp.se>
cc: "David P. Reed" <dpreed@deepplum.com>,
 cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
In-reply-to: <alpine.DEB.2.20.1811271204250.7766@uplift.swm.pp.se>
References: <CAA93jw54urN1Gh731zg0MGsyCiWPOLNa2p__GXZMJd=ODMWLiw@mail.gmail.com>
 <6F8CDBFF-8B8A-4B6B-BCE9-918A69354626@gmx.de>
 <CAA93jw4La1v=tQOFPZGr6QZ04yfcu2Z+pVQegyLpQwSaFevyEw@mail.gmail.com>
 <13EA268F-994D-45FF-A0B2-1CAF4C530B4F@gmx.de>
 <1543278579.232231705@apps.rackspace.com>
 <alpine.DEB.2.20.1811271204250.7766@uplift.swm.pp.se>
Comments: In-reply-to Mikael Abrahamsson <swmike@swm.pp.se>
 message dated "Tue, 27 Nov 2018 12:07:51 +0100."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Wed, 28 Nov 2018 09:17:16 -0000
Message-ID: <24484.1543396636@dooku.sandelman.ca>
Subject: Re: [Cerowrt-devel] security guidelines for home routers
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
 <cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
 <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
 <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2018 09:17:52 -0000

--=-=-=
Content-Type: text/plain


Mikael Abrahamsson <swmike@swm.pp.se> wrote:
    >> Personally, I think it's time to move "security" out of the military
    >> sector of government..

    > I think we need some kind of international cooperation body that
    > develops guidelines that vendors can then slap their "approved
    > by"-sticker on the box by complying to these guidelines. Problem here

There are multiple efforts:

I'm involved with this one: https://www.iotsecurityfoundation.org/best-practice-guidelines/
(and there are more documents in progress)

There are other efforts, and there are attempts to coordinate, and there is
interest in the testing labs (EULabs, UL, and others) in doing evaluations
with prices from $ to $$$$$.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEERK+9HEcJHTJ9UqTMlUzhVv38QpAFAlv+XRwACgkQlUzhVv38
QpCqlAf+PmXpcoSXjFQVGcNdIVxA+yXiViSOWi+dN48AkhWXp6FHOTWjn8Fl1qyP
ZiYJ3Dsf8k3r21qIpxePxMdyOYdhFihuCmOMIoBXqvoJoxjkMqcqK3R8/ORSaRN7
fT8+Eh6VwqcSGFaZvvHipy7AKCDsYBHr3JjNkWbivdRGhaurV/iYL8+99tkqjbCn
TEGHWFGM3af2yCynCC0fEy2JYbq8IQ+iUwB5D82RmEgrGZ+5jooF3SthOsqkNTXL
r25VMPnGgzJTrJWmgrKlTzcBOG30Wp/5ol6fPIVZNoeNqgilWbsk9wF7o8s4Hlju
qHB3waNesV0EZ9w2MFVAbZOFhoz+UQ==
=hPgD
-----END PGP SIGNATURE-----
--=-=-=--