[Anima-bootstrap] minor point about malware
Michael Richardson <mcr+ietf@sandelman.ca> Sat, 07 January 2017 15:17 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: anima-bootstrap@ietfa.amsl.com
Delivered-To: anima-bootstrap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7367A1288B8 for <anima-bootstrap@ietfa.amsl.com>; Sat, 7 Jan 2017 07:17:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id phk-iUc2O7kt for <anima-bootstrap@ietfa.amsl.com>; Sat, 7 Jan 2017 07:17:01 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 287DA126579 for <anima-bootstrap@ietf.org>; Sat, 7 Jan 2017 07:17:00 -0800 (PST)
Received: from dooku.sandelman.ca (199-7-157-15.eng.wind.ca [199.7.157.15]) by relay.sandelman.ca (Postfix) with ESMTPS id 22BFE1F8FB for <anima-bootstrap@ietf.org>; Sat, 7 Jan 2017 15:16:58 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 075992593; Sat, 7 Jan 2017 23:56:15 +0900 (KST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: anima-bootstrap@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Sat, 07 Jan 2017 09:56:15 -0500
Message-ID: <17208.1483800975@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima-bootstrap/YMSGRc5kSToia99pKZUPStNiig0>
Subject: [Anima-bootstrap] minor point about malware
X-BeenThere: anima-bootstrap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <anima-bootstrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima-bootstrap/>
List-Post: <mailto:anima-bootstrap@ietf.org>
List-Help: <mailto:anima-bootstrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima-bootstrap>, <mailto:anima-bootstrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Jan 2017 15:17:02 -0000
Max, we write: > In a "trust on first use" model, where > this threat is ignored, the attacker has an opportunity to install a > persistent malware component. I wonder if we have confounded two things in this statement. The process by which the pledge trusts the network operator (and therefore provide super-user control and configuratoin credentials to the network) with the process by which the pledge trusts new firmware updates. I can see that for many devices that do not have signed software updates, if an operator has configuation control, then they also have software update control. Even in the context of signed updates, if the choice of update to run includes ability to run an old version with an exploit that malware is possible. I'm not sure what I want to do about the above statement, I am just uncomfortable that we may be confusing some less technical readers into believing that we solve problems we are not (and probably can not). -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Anima-bootstrap] minor point about malware Michael Richardson