IETF Logo Mail Archive

Re: [arch-d] [Iotops] How old is too old and what this means for product lifecycles? Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Amyas Phillips <amyas@ambotec.org> Sat, 05 December 2020 21:11 UTC

Return-Path: <amyas@ambotec.org>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2FD43A0D64 for <architecture-discuss@ietfa.amsl.com>; Sat, 5 Dec 2020 13:11:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ambotec.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id toq-JE9Zs4ww for <architecture-discuss@ietfa.amsl.com>; Sat, 5 Dec 2020 13:11:08 -0800 (PST)
Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8411B3A0D4B for <architecture-discuss@iab.org>; Sat, 5 Dec 2020 13:11:08 -0800 (PST)
Received: by mail-wm1-x329.google.com with SMTP id a3so10080472wmb.5 for <architecture-discuss@iab.org>; Sat, 05 Dec 2020 13:11:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ambotec.org; s=google; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=sfX2XP982QTx+HzDrdiwrUj13f2GMHF59YdyTv/z5uM=; b=K28zYpKBuKg2JhhUeVtkI+mOxsD7SyDum6DdxUw1rmeOyR812j75yDlCVLNGVQ2NtD 8p8ogrSPhZsQLNqsTjL/jZvojXnhfGQyraQUrI9rKvcfpAXp4fXxSEtABjEFu32Nwvvn lk/e8iZPNCtgqrgRQUAJdAnw/qo4Zl1OZWD8IHkqCTCVIB6o8ZD0EPHr2Nm0N8El1QGt gPfu7FUgGYuxxGh07lp42GOAlQXklNeM0Zi123qWby3e/VgDUSiq9UcuH+d5A7riRae4 wJXaY0F/XfIDrlmo2eEkWrld2brmoXRMszqi8X1o4IVgFwpwafMVRLCxEk0j5FhoDd0G S/Pw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=sfX2XP982QTx+HzDrdiwrUj13f2GMHF59YdyTv/z5uM=; b=eJSd9TbU9tM9T/okjmesnzcnrsBXIr22VjwN7CaGeqPEbIuawwnjKz+hZQQEqTL6gm iWfTfRAwww/6ZQL0YZNvATo9AaV4EJo2fVUkFp5+kVo5HrZRIggeN+p/xs1BkRL+Hivz W4FnP/mrRe/rsZH2r1QznFVjxH51LB/c9KCi63AtX3uhnK6CXlLhG2IRgSPT7zEL6rlc UxyEVuIn9uwNfDYvGNOgVsP5cyl69CpydCmnHZDnhjNKyceV+0kssJWht19mi4yBInyo u8NDJaYXW0v4QKUiUx/53fCjsY4lx0Iuq5Dcwtu5tLpt+MRxlZjW9asG5ybXmpw5ZhqK qHfA==
X-Gm-Message-State: AOAM531H1xlab5AjkzygWT0YLHUgpynXIi9G8Z8zpzkMPWo4EpNq0uSd 77wjtAVl4LYuEcgOy2gOWuYZKQ==
X-Google-Smtp-Source: ABdhPJyNMVMTIYjszYFGeuPCt9urpiRE2S4xSSQ5oPyiJi+l28oAfcdyqbYC2QBi6EJHiqyZhN1WlA==
X-Received: by 2002:a1c:6689:: with SMTP id a131mr10686694wmc.33.1607202666512; Sat, 05 Dec 2020 13:11:06 -0800 (PST)
Received: from [192.168.1.4] (3.236.90.146.dyn.plus.net. [146.90.236.3]) by smtp.gmail.com with ESMTPSA id f14sm8802521wme.14.2020.12.05.13.11.05 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 05 Dec 2020 13:11:05 -0800 (PST)
From: Amyas Phillips <amyas@ambotec.org>
Message-Id: <277E5229-EFCC-4758-B4F6-6B159212BA14@ambotec.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_10E9567C-D934-4F48-B2D4-DF65F04E289A"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
Date: Sat, 05 Dec 2020 21:11:04 +0000
In-Reply-To: <m2zh2sktty.wl-randy@psg.com>
Cc: Eliot Lear <lear@cisco.com>, architecture-discuss@iab.org, iotops@ietf.org, Ted Lemon <mellon@fugue.com>, "Ackermann, Michael" <MAckermann@bcbsm.com>
To: Randy Bush <randy@psg.com>
References: <160496076356.8063.5138064792555453422@ietfa.amsl.com> <SN6PR02MB4512B95842251AE4C04B199CC3F30@SN6PR02MB4512.namprd02.prod.outlook.com> <BYAPR14MB31765FD24F4DFD90F81AEE2BD7F30@BYAPR14MB3176.namprd14.prod.outlook.com> <SN6PR02MB4512CBA9E4BF6AAC778BC674C3F30@SN6PR02MB4512.namprd02.prod.outlook.com> <DM6PR14MB31789349B737961728B7691ED7F30@DM6PR14MB3178.namprd14.prod.outlook.com> <CACsn0ckvoqZ5-JPRkOXp2Mw2zeTOdyCYLvX1NV1waJ-yidTwMQ@mail.gmail.com> <SN6PR02MB45129E647485BA5794D5CF4EC3F20@SN6PR02MB4512.namprd02.prod.outlook.com> <MWHPR02MB2464CD5D5B7568E9EAC58B26D6F20@MWHPR02MB2464.namprd02.prod.outlook.com> <DM6PR14MB3178EC0521427BF7C3523CACD7F10@DM6PR14MB3178.namprd14.prod.outlook.com> <CAChr6SzvQK+exfgYEwfVNknMjr-Y-UJ4A7k0DkOkL9wmLQ84aQ@mail.gmail.com> <MWHPR02MB246499F35613820D45EB55AAD6F10@MWHPR02MB2464.namprd02.prod.outlook.com> <DM6PR14MB3178A0C152A746E41C6A01C6D7F10@DM6PR14MB3178.namprd14.prod.outlook.com> <f8486514-9726-68d0-2bc8-dccd4293017e@cs.tcd.ie> <DM6PR14MB317843CA2B3D67F6660F4F0DD7F10@DM6PR14MB3178.namprd14.prod.outlook.com> <127BB8C9-679E-48C1-8617-C6092AEE9914@fugue.com> <DM6PR14MB3178C1F8B6E4FD6E9FD9C8C4D7F10@DM6PR14MB3178.namprd14.prod.outlook.com> <8E6EB6FF-E83B-44B5-A0A2-7499678DC6B6@fugue.com> <DM6PR14MB317817FD62369A8E0FF93CA8D7F10@DM6PR14MB3178.namprd14.prod.outlook.com> <77363965-99A5-4790-B40B-011827C8D113@fugue.com> <80F697E4-B225-49E0-8271-CDAB66E42A95@cisco.com> <m2zh2sktty.wl-randy@psg.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/R-tTuMvjyjZk5D2mqRfzfcbcVgs>
Subject: Re: [arch-d] [Iotops] How old is too old and what this means for product lifecycles? Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2020 21:11:11 -0000

> On 5 Dec 2020, at 18:10, Randy Bush <randy@psg.com> wrote:
> 
> to improve the math one would have to amortize the cost of maintenance
> over many many flavors and makers of thingies.  so the acme thingie mfr,
> and the hackme thingie mfr, and the ... need to have a common code base
> and upgrade infrastructure.  


Exactly right, it’s hard to imagine any other economically viable way of maintaining devices which aren’t sold with a service contract. Even for devices which are sold with a service contract, this is still a cheaper and likely better way of delivering the security maintenance part of that service. 

There’s a few commercial products which do this. They essentially offer modules with an OS and application environment which they maintain for you, to a more or less hands-off degree: msoft Sphere, Balena, Particle, Electric Imp, Ubuntu Core. They don’t maintain your application but that may well be a relatively small part of the attack surface, and possibly defended by features of the maintained environment. 

Microsoft Sphere in particular is interesting because the maintenance is completely hands off and the costs are folded into the initial BOM cost of the module, there’s no service fee.

Amyas

v2.23.0 | Report a Bug | By Email