On Fri, Jul 04, 2025 at 12:21:59AM +0200, Michael De Roover wrote: > I love the way you think here! Cost-benefit, yeah, customer service departments > are the ones to face the angry customers whose data and/or networks have been > breached. If we can offer guidance on how to prevent that outcome, why wouldn't > they consider it? I think this is something worth doing. It's not just about the technical issues about networking protocols and the software stack, but also about the business model of who will pay for the initial implementation on the client and the servers; who will pay for the on-going maintenance on the client and servers (including security updates); what happens when newer versions of the software no longer "fit" on hardwre which is a few years older than the bleeding edge? (Example: what ihe latest version of the software no longer works on your very expensive car containing the Tesla Full-Self Driving Computer 3.0, but only on the 4.0 version of the hardware? Worse, cars are expected to last at least 5 to 10 years; but thermostats are expected to last for 15 or 25 years....) And then, of course, there are the problems on the social and political layer of the 9 layer OSI model. What if the business model to pay the on-going software support involves using advertising, or monetizing information about the user or their generated content (e.g., selling demographic, activity, and/or identity data to companies, government law enforcement or intelligence agencies, or selling user-generated content to AI startups)? And if that gets outlawed in certain legal jourisdictions, gets replaced by an monthly subscription model which users refuse to pay because they don't see the value (or they take the value for granted)? Most of the people in the IETF are folks who specialize on the technical side of things, about without addressing these buiness and financial issues, it's very likely that the a most fancy and comprehency architecture will end up getting ignored and end up being irrelevant. It's not our area of expertise, and unfortunately, sometimes people who do have more domain expertise in this area (e.g. product managers) are either not welcome, or have an agenda based on the needs of the company or companies which employ them. And of course, the costs of hardware and software can change radically over time (e.g., 145% tariffs) and new business models might pop up (such as selling user generated content to AI startups). So a technical architecture which is optimized for 2005 might not work as well in 2015, which in turn might not work well in 2025. And if we consider how long it takes for the sorts of devices such as thermostats, light switches, garage door openers, washers, refridgerators, etc., to get replaced, this gets especially challenging. As a result, I tend to be very skeptical over solutions which require radical rearchitecture. By the time it is implemented, and deployed, it may be that it has been overtaken by events. Sure, this can happen with incremental changes, but at least the time and cost to implement can be much less, which mitigates this risk. - Ted
