The systemic risk framing is spot on. The comparison to UPnP really drove it home for me - I remember dealing with the fallout from UPnP vulnerabilities in IoT devices and it was exactly this pattern of convenience-first defaults that nobody could roll back. The MCP baseline stuff in the appendix is practical tho, way better than just more guidance docs that people ignore. Governance primitives baked into distribution is the only thing that actually scales.
Thanks. Glad the UPnP example resonated. Also appreciate the note on the baseline. My goal there is to keep it deployer-usable. If we can make those governance pieces real at the distribution layer (identity/provenance, declared privileges, conformance signals, revocation), we'll hopefully get something that scales better than the pretty amazing but hard to scale work on security teams. If you have examples of what did / didn't work in your UPnP/IoT work, especially around distribution/patching and incentivizing vendors, I’d love to hear them.