You can't secure what you can't update

Hi all,

here’s an interesting presentation from EclipseCon about open source tools for firmware updates (and related considerations on where the IoT is at currently).

https://www.eclipsecon.org/na2015/sites/default/files/slides/The%205%20Elements%20of%20IoT%20Security.pdf

As far as I can tell, the main take-away message is a confirmation that we’ll be in good shape if we combine upcoming RIOT work on:

  • implementing LwM2M,
  • finalizing DTLS,
  • work planned within the OTA task-force

Best,

Emmanuel

Hi

Oh good, thanks, this is a nice slide set that is very light on technical details but strong in content. Something that can be shown to non-techies so that they too will have some kind of grasp of things.

At ELL-i, Jori is working on initial key exchange semantics on top of CoAP, and DTLS is definitely considered, as there is already an almost-ready implementation in the RIOT tree. How much of the key/cert exchange is already specified in LwM2M?

Jori, if you’re not yet on the RIOT-OS Development list, please join.

I know of several “let’s just ship the damn thing and worry about enabling security later” approaches and I’m terrified. Mostly they’re just automagical apartment lighting solutions, but still.

  • t