IETF Logo Mail Archive

Re: [homenet] standard way of configuring homenets

"STARK, BARBARA H" <bs7652@att.com> Wed, 25 July 2018 16:41 UTC

Return-Path: <bs7652@att.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EDA7130E0C for <homenet@ietfa.amsl.com>; Wed, 25 Jul 2018 09:41:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a7hp1C5ZvUZK for <homenet@ietfa.amsl.com>; Wed, 25 Jul 2018 09:41:12 -0700 (PDT)
Received: from mx0a-00191d01.pphosted.com (mx0b-00191d01.pphosted.com [67.231.157.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A757126BED for <homenet@ietf.org>; Wed, 25 Jul 2018 09:41:12 -0700 (PDT)
Received: from pps.filterd (m0049458.ppops.net [127.0.0.1]) by m0049458.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id w6PGZCCc029717; Wed, 25 Jul 2018 12:41:07 -0400
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0049458.ppops.net-00191d01. with ESMTP id 2kev5u1ag3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 25 Jul 2018 12:41:07 -0400
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w6PGf6pQ014386; Wed, 25 Jul 2018 12:41:06 -0400
Received: from zlp30483.vci.att.com (zlp30483.vci.att.com [135.47.91.189]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id w6PGf18A014298; Wed, 25 Jul 2018 12:41:01 -0400
Received: from zlp30483.vci.att.com (zlp30483.vci.att.com [127.0.0.1]) by zlp30483.vci.att.com (Service) with ESMTP id 47D724014665; Wed, 25 Jul 2018 16:41:01 +0000 (GMT)
Received: from GAALPA1MSGHUBAA.ITServices.sbc.com (unknown [130.8.218.150]) by zlp30483.vci.att.com (Service) with ESMTPS id 327AC4014663; Wed, 25 Jul 2018 16:41:01 +0000 (GMT)
Received: from GAALPA1MSGUSRBF.ITServices.sbc.com ([169.254.5.81]) by GAALPA1MSGHUBAA.ITServices.sbc.com ([130.8.218.150]) with mapi id 14.03.0408.000; Wed, 25 Jul 2018 12:41:00 -0400
From: "STARK, BARBARA H" <bs7652@att.com>
To: 'Brian E Carpenter' <brian.e.carpenter@gmail.com>, 'Ted Lemon' <mellon@fugue.com>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: homenet <homenet@ietf.org>
Thread-Topic: [homenet] standard way of configuring homenets
Thread-Index: AQHUI5gcP53omUcFxUqCducdRw8FHKSfLkiAgAAQ+ICAAFHigIAAW8MQ
Date: Wed, 25 Jul 2018 16:40:59 +0000
Message-ID: <2D09D61DDFA73D4C884805CC7865E6114DE526ED@GAALPA1MSGUSRBF.ITServices.sbc.com>
References: <27765.1532468911@localhost> <CAPt1N1mO8KFH+M-bq7LKqQcjtyigUPwdchMA11U_vPXYTzcNSw@mail.gmail.com> <2D09D61DDFA73D4C884805CC7865E6114DE51281@GAALPA1MSGUSRBF.ITServices.sbc.com> <d7e85f2a-b613-7e8a-a18a-c6ae79bd8d79@gmail.com>
In-Reply-To: <d7e85f2a-b613-7e8a-a18a-c6ae79bd8d79@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.61.166.63]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-07-25_03:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1806210000 definitions=main-1807250176
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/M89IfJHwSJqRt0W2uk31J4afOr0>
Subject: Re: [homenet] standard way of configuring homenets
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jul 2018 16:41:15 -0000

> > <individual hat> Since homenet is supposed to be about an unmanaged
> > network, and configuration via a management protocol requires somebody
> > who knows what they’re doing,
> 
> Traditionally, yes, but we do actually want to get away from that.
> (It's our explicit goal to do that in ANIMA, for which homenets are out of
> scope, but we assume that the starting point is a NOC staffed by people who
> know what they are doing.)
> 
> The idea of capturing a homenet config and saving it for future use doesn't
> seem outlandish to me, and using tools developed for managed networks,
> but operated robotically instead of manually, doesn't seem crazy either. But
> it might be a big effort and a distraction.

<as individual contributor>
Using tools developed for managed networks in amateurishly-managed (or unmanaged) home network environments has historically turned out very badly.
Poorly implemented management protocols and "backdoors" are a leading cause of security vulnerabilities. These poor implementations are common and prevalent. 
Improperly secured, but (otherwise) well-implemented management protocols are another leading cause of security vulnerabilities. This is also common and prevalent.
And I'm not just talking about the device's or home network's security. I'm talking about Internet security -- this is how DDoS attacks are enabled.
As a data point: providers like Comcast actively block SNMP ports because SNMP is so easy to use in DDoS attacks. (https://www.xfinity.com/support/articles/list-of-blocked-ports)
I realize netconf and restconf aren't SNMP. But please don't think that if these protocols were to be deployed in millions of consumer devices and placed under the control of end users we would discover them to be magically immune to poor implementations and being improperly secured. I have yet to see a management protocol that is immune to either of these issues.

Which isn't to say it couldn't be done or there might not be a good use case for it. I'm saying that it is a huge effort that would need to be done with extreme foresight and care. We would need to understand extremely well exactly what we do and don't want from such a management solution -- exactly what problems we are trying to solve and what our requirements are. Does it need to be a single management protocol to solve everything, or do we separate reporting of statistics from configuration backup from UI for user configuration? We would have to be rock-solid on requirements for securing any such management interface, understand what our strategy is for minimizing occurrence of poor implementations, and understand what our strategy is for minimizing occurrence of improperly-secured implementations.

On the plus side -- maybe if we were able to do this, it would keep developers from creating their own custom vulnerabilities (aka management interfaces) by giving them a viable properly secured solution.
Barbara

v2.23.0 | Report a Bug | By Email