IETF Logo Mail Archive

Re: [arch-d] [Iotops] How old is too old and what this means for product lifecycles? Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Toerless Eckert <tte@cs.fau.de> Mon, 07 December 2020 16:57 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E05793A12E7 for <architecture-discuss@ietfa.amsl.com>; Mon, 7 Dec 2020 08:57:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.87
X-Spam-Level:
X-Spam-Status: No, score=-0.87 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SQhDFhIqKUBn for <architecture-discuss@ietfa.amsl.com>; Mon, 7 Dec 2020 08:57:01 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F0EC3A139A for <architecture-discuss@iab.org>; Mon, 7 Dec 2020 08:57:00 -0800 (PST)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id A5BA2549B45; Mon, 7 Dec 2020 17:56:54 +0100 (CET)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id 9F974440041; Mon, 7 Dec 2020 17:56:54 +0100 (CET)
Date: Mon, 07 Dec 2020 17:56:54 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Henning Schulzrinne <hgs@cs.columbia.edu>
Cc: Amyas Phillips <amyas@ambotec.org>, iotops@ietf.org, Ted Lemon <mellon@fugue.com>, architecture-discuss@iab.org, Randy Bush <randy@psg.com>, "Ackermann, Michael" <MAckermann@bcbsm.com>
Message-ID: <20201207165654.GF44833@faui48f.informatik.uni-erlangen.de>
References: <127BB8C9-679E-48C1-8617-C6092AEE9914@fugue.com> <DM6PR14MB3178C1F8B6E4FD6E9FD9C8C4D7F10@DM6PR14MB3178.namprd14.prod.outlook.com> <8E6EB6FF-E83B-44B5-A0A2-7499678DC6B6@fugue.com> <DM6PR14MB317817FD62369A8E0FF93CA8D7F10@DM6PR14MB3178.namprd14.prod.outlook.com> <77363965-99A5-4790-B40B-011827C8D113@fugue.com> <80F697E4-B225-49E0-8271-CDAB66E42A95@cisco.com> <m2zh2sktty.wl-randy@psg.com> <277E5229-EFCC-4758-B4F6-6B159212BA14@ambotec.org> <20201207091854.GD44833@faui48f.informatik.uni-erlangen.de> <CACgrgBa+JMDBWWBotfQeJMc=LMbkH+JbkbQ_YkXS4GuccnbrVA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CACgrgBa+JMDBWWBotfQeJMc=LMbkH+JbkbQ_YkXS4GuccnbrVA@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/6jiTb9jF07OgU4h1iHu8pR-0tyQ>
Subject: Re: [arch-d] [Iotops] How old is too old and what this means for product lifecycles? Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2020 16:57:04 -0000

When i buy a glass or marmelade, the packaging indicates all the ingredients
and epecially also all aditives. So i can kinda be an educated consumer.

I i am always thinking that i would like similar labelling for equivalent,
especially about the (external) dependencies to continue operating the device.

Yes, there are all type of devices, and you mention one extreme, which are
general purpose devices (mobile phones). Even when i have an embedded device
with android, the dependencies to keep it running will typically be much more
constrained but difficult to understand for most users.

Maybe an organization like IETF could first start to document the problem of
such external dependencies. Taxonomy etc. pp. Starting with the most obvious
problem of certificate management. Then dependencies against external protocol
peers, possible cloud-services, crypto-agility...

E.g.: If you had to decide between two different options for one type of
device and you where worried about longevity: whats all the stuff you would
need to know about it, and which pieces would make a difference.

IMHO, this is all way too much in its infancy to think about regulation i think.
Once three is a better and broader agreement as to what the best practices
are for apsects in support of longevity... then one could think about
supportive measures to encourage vendors.

Cheers
    Toerless


On Mon, Dec 07, 2020 at 09:43:07AM -0500, Henning Schulzrinne wrote:
> It used to be that vendors announced end-of-life for products years after
> introduction. For example, there was no way for a purchaser of Windows NT
> to know, at purchase time, how long Microsoft was intending to support the
> operating system. Now, better vendors seem to have started to make some
> commitments, e.g., "this Android phone will receive new versions of the OS
> for three releases and security updates until 2025". All the major Linux
> distributions now have some kind of an LTS version, with long-term
> stability and security/bug upgrades planned. There have been proposals (in
> the UK?) of making vendors of IoT equipment state their support commitment,
> so that a purchaser can choose "cheap" or "lasts a lifetime".
> Unfortunately, industry advocacy is often for minimal regulation - there's
> an opportunity here for ISOC and others to make a difference.
> 
> One reason for not upgrading: OS dependencies. Apple Big Sur (and Catalina)
> broke a lot of printer drivers, so I had a choice: Upgrade my OS or keep my
> printer working. Dell, the distributor of the printers (made by Fuji-Xerox,
> apparently) simply states that "due to circumstances beyond their control",
> they won't be providing any Catalina/Big Sur printer drivers.
> 
> Given that most commercial systems are now assembled out of open-source
> components, with customization or glue on top, you'd want some kind of
> automated component checker. "17 of your components have not committed to
> long-term support. Are you prepared to fix them yourselves?"
> 
> I don't know if this is feasible in all cases, but I suspect we often know
> that certain technologies are getting long in the tooth. They are not quite
> obsolete (historic) yet, but there's no active development or community and
> they probably shouldn't be components that can't be replaced in the field.
> No need (or resources) to do this for every RFC, but identifying critical
> pieces of technology and providing a support roadmap would be helpful, I
> think.
> 
> On Mon, Dec 7, 2020 at 4:19 AM Toerless Eckert <tte@cs.fau.de> wrote:
> 
> > Great pportunity for a rant:
> >
> > Its easy to understand how the mayority of participants in these
> > discussions are
> > from either a commercial supplier side, or from a commercial user side. In
> > either
> > case, a clearly time restricted use case scenario is easily be most
> > important default.
> > This btw. also applies to where my pay check comes from (i think).
> >
> > Nevertheless, i would highly recommend to no limit our design decisions to
> > this
> > scenarios.
> >
> > Personally, i for once would be happy as an individual to see any
> > standards be
> > blackmailed in the press and in public as an evil conspiracy for planned
> > obsolescence
> > that does not consider the ability for devices to operate as long as their
> > hardware can
> > without being constrained by 'security' software.
> >
> > Obviously, there are also significant commercial applications undetermined
> > long
> > life cycles are required. Just think of any deep space exploration NASA
> > satellites
> > go dark because of their non-crypto agility. Or the non-desire to upgrade
> > nuclear
> > missile control systems to new HW/SW because overall system security
> > analysis
> > shows how new HW/SW more likely than not will be MORE susceptible to
> > attacks than
> > simpler older SW/HW around for 50 years. Just two extreme examples.
> >
> > I am not 10% sure about generic approaches to solve this problem, but one
> > approach
> > could be the following:
> >
> > - A device communications is designed to be able to operate solely within a
> >   "walled garden" environment. Not as the ONLY option, but as one option.
> >
> > - Walled garden means that all communication channels of the device can be
> > directed
> >   to go through other nodes of the "walled garden".
> >
> > - "Walled garden" should IMHO also mean that the higher layer semantic of
> >   all communications is well enough defined/documented, so that another
> > device
> >   in the walled-garden can be set up to convert/proxy the communications.
> >
> > - Aka: If the crypto starts to become obsolete, then the obsolete crypto
> > would
> >   be possible to constrain to the walled-carden (physical security)
> > environment,
> >   and be proxied, and if the original remote communication parties do not
> > exist
> >   anymore, but the data to be exchanged exists, then such a proxy could
> > also
> >   proxy/convert the data into the 'legacy' format.
> >
> > The ability to understand all the information communicated well enough to
> > be able
> > to re-recreate the format is also necessary for any type of higher-layer
> > security
> > filtering, so this type of communications design is not only good for
> > longevity,
> > but also for security beyond transit confidentiality.
> >
> > Cheers
> >     Toerless
> >
> > On Sat, Dec 05, 2020 at 09:11:04PM +0000, Amyas Phillips wrote:
> > >
> > > > On 5 Dec 2020, at 18:10, Randy Bush <randy@psg.com> wrote:
> > > >
> > > > to improve the math one would have to amortize the cost of maintenance
> > > > over many many flavors and makers of thingies.  so the acme thingie
> > mfr,
> > > > and the hackme thingie mfr, and the ... need to have a common code base
> > > > and upgrade infrastructure.
> > >
> > >
> > > Exactly right, it???s hard to imagine any other economically viable way
> > of maintaining devices which aren???t sold with a service contract. Even
> > for devices which are sold with a service contract, this is still a cheaper
> > and likely better way of delivering the security maintenance part of that
> > service.
> > >
> > > There???s a few commercial products which do this. They essentially
> > offer modules with an OS and application environment which they maintain
> > for you, to a more or less hands-off degree: msoft Sphere, Balena,
> > Particle, Electric Imp, Ubuntu Core. They don???t maintain your application
> > but that may well be a relatively small part of the attack surface, and
> > possibly defended by features of the maintained environment.
> > >
> > > Microsoft Sphere in particular is interesting because the maintenance is
> > completely hands off and the costs are folded into the initial BOM cost of
> > the module, there???s no service fee.
> > >
> > > Amyas
> >
> > > --
> > > Iotops mailing list
> > > Iotops@ietf.org
> > > https://www.ietf.org/mailman/listinfo/iotops
> >
> >
> > --
> > ---
> > tte@cs.fau.de
> >
> > _______________________________________________
> > Architecture-discuss mailing list
> > Architecture-discuss@ietf.org
> > https://www.ietf.org/mailman/listinfo/architecture-discuss
> >

-- 
---
tte@cs.fau.de

v2.23.0 | Report a Bug | By Email