From justin at madirish.net Tue Dec 1 13:55:13 2015
From: justin at madirish.net (Justin Klein Keane)
Date: Tue, 01 Dec 2015 08:55:13 -0500
Subject: [Owasp_internet_of_things_project] How not to do PKI
Message-ID:

Hello all,

Not sure if folks saw this posting on the Sophos blog but it's a great breakdown of how not to do PKI for IoT. TLDR: "Millions of Internet Things are “secured” by the same “private” keys"

https://nakedsecurity.sophos.com/2015/11/30/millions-of-internet-things-are-secured-by-the-same-private-keys/

The suggestions at the bottom of the list are really good ones, and probably things we should include in the framework assessment (https://www.owasp.org/index.php/IoT_Framework_Assessment).

Cheers,

--
Justin C. Klein Keane
http://www.MadIrish.net