IETF Logo Mail Archive

Re: [homenet] write up of time without clocks

JORDI PALET MARTINEZ <jordi.palet@consulintel.es> Fri, 04 November 2016 15:30 UTC

Return-Path: <prvs=1116d822b0=jordi.palet@consulintel.es>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 264D81294E9 for <homenet@ietfa.amsl.com>; Fri, 4 Nov 2016 08:30:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102
X-Spam-Level:
X-Spam-Status: No, score=-102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=consulintel.es; domainkeys=pass (1024-bit key) header.from=jordi.palet@consulintel.es header.d=consulintel.es
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dMop9JklncDo for <homenet@ietfa.amsl.com>; Fri, 4 Nov 2016 08:30:05 -0700 (PDT)
Received: from mail.consulintel.es (mail.consulintel.es [217.126.185.215]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15AB9129563 for <homenet@ietf.org>; Fri, 4 Nov 2016 08:29:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=consulintel.es; s=MDaemon; t=1478273389; x=1478878189; q=dns/txt; h=DomainKey-Signature: Received:User-Agent:Date:Subject:From:To:CC:Message-ID: Thread-Topic:References:In-Reply-To:Mime-version:Content-type: Content-transfer-encoding:Reply-To; bh=swx7CzvyRrsPxSk+k5OgueKNS nejRFyHTI8eZmxS+eU=; b=MwKvJOurlgTyPVGVjJq66gk80VTzzvyrYCz+7nXpg 32/5jWkFFdWXI8c4mRrOOtJFjZSrQLX/mzeIuxGZoNNL0YU9DL0+yo+g0Im/me6P Puvi2YVoKtVHOD2zv55CnJfE19HBjzfat51tUnQz6N707BPTb5QNNxeJFfv3xjEg oM=
DomainKey-Signature: a=rsa-sha1; s=MDaemon; d=consulintel.es; c=simple; q=dns; h=from:message-id; b=c1O+yHXnhevhjoeVDJbDXDrKeKBWVSIob9dF4p0iR2a7NuatPo8dZbp0QqUZ B0KH9b2gdIhNcHAk0HXsiGnG9mrXRFdfGILjWnSDPlvrrrhq8cvGWBXHD dUgZlsZ0SZ5iLLtc5jAGOw/AuZdRS4rBxavvEPACZxECPQBVmf+NZo=;
X-MDAV-Processed: mail.consulintel.es, Fri, 04 Nov 2016 16:29:49 +0100
X-Spam-Processed: mail.consulintel.es, Fri, 04 Nov 2016 16:29:45 +0100
Received: from [10.10.10.99] by mail.consulintel.es (MDaemon PRO v11.0.3) with ESMTP id md50005195875.msg for <homenet@ietf.org>; Fri, 04 Nov 2016 16:29:44 +0100
X-MDOP-RefID: re=0.000,fgs=0 (_st=1 _vt=0 _iwf=0)
X-Authenticated-Sender: jordi.palet@consulintel.es
X-HashCash: 1:20:161104:md50005195875::sRCWrmj3V59MJ+oO:00000hRr
X-Return-Path: prvs=1116d822b0=jordi.palet@consulintel.es
X-Envelope-From: jordi.palet@consulintel.es
X-MDaemon-Deliver-To: homenet@ietf.org
User-Agent: Microsoft-MacOutlook/f.1b.0.161010
Date: Fri, 04 Nov 2016 16:29:42 +0100
From: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>
To: Lee.Howard@charter.com, Tim Chown <Tim.Chown@jisc.ac.uk>, "homenet@ietf.org" <homenet@ietf.org>
Message-ID: <CBFEFD41-41E6-4A0C-A77E-E67F8AAFE76E@consulintel.es>
Thread-Topic: [homenet] write up of time without clocks
References: <24389.1477921009@obiwan.sandelman.ca> <8737jbe53w.wl-jch@pps.univ-paris-diderot.fr> <m1c1aQj-0000HHC@stereo.hq.phicoh.net> <f0c09d91-cb58-5568-d2d6-810131bc450e@gmail.com> <m1c1snP-0000HpC@stereo.hq.phicoh.net> <a7bdc36e-1567-defd-3346-31e30d88db26@gmail.com> <871syt32c1.wl-jch@pps.univ-paris-diderot.fr> <m1c2GGL-0000GMC@stereo.hq.phicoh.net> <2D09D61DDFA73D4C884805CC7865E6114DA2EEBF@GAALPA1MSGUSRBF.ITServices.sbc.com> <c22476f6-a4c9-4b45-846b-e1adf89aaf0b@gmail.com> <B41B07F4-2337-4D9F-B225-CEA584025C81@iki.fi> <2D09D61DDFA73D4C884805CC7865E6114DA2F297@GAALPA1MSGUSRBF.ITServices.sbc.com> <A9415A12-62D5-4AFF-BCB4-341C28BF7C9A@consulintel.es> <7A9F770B-CED5-4562-8165-DE1C51435EA7@jisc.ac.uk> <E8216856-25DF-4AE9-8818-61CC7F2E3FBF@consulintel.es> <BB999C93-0DB7-4B7C-A645-CCF60363EA04@charter.com>
In-Reply-To: <BB999C93-0DB7-4B7C-A645-CCF60363EA04@charter.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/XX5WlO64dWHB1fwiMoDM7pUEBFg>
Cc: "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, Keith Moore <moore@network-heretics.com>, "rbarnes@mozilla.com" <rbarnes@mozilla.com>
Subject: Re: [homenet] write up of time without clocks
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: jordi.palet@consulintel.es
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2016 15:30:09 -0000

I think we are talking about different issues here, the point is security requirement to avoid the CPEs to be easily “controlled” for attacks …

Regards,
Jordi


-----Mensaje original-----
De: homenet <homenet-bounces@ietf.org> en nombre de "Howard, Lee L" <Lee.Howard@charter.com>
Responder a: <Lee.Howard@charter.com>
Fecha: viernes, 4 de noviembre de 2016, 15:42
Para: JORDI PALET MARTINEZ <jordi.palet@consulintel.es>, Tim Chown <Tim.Chown@jisc.ac.uk>, "homenet@ietf.org" <homenet@ietf.org>
CC: "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, Keith Moore <moore@network-heretics.com>, "rbarnes@mozilla.com" <rbarnes@mozilla.com>
Asunto: Re: [homenet] write up of time without clocks

    
    
    
    
    
    On 11/4/16, 8:11 AM, "homenet on behalf of JORDI PALET MARTINEZ" <homenet-bounces@ietf.org on behalf of jordi.palet@consulintel.es> wrote:
    
    >I guess the problem is that this document is NOT targeted to CPEs:
    >
    >      In principle these requirements apply to all hosts that connect to
    >      the Internet, but this list of requirements is specifically
    >      targeted at devices that are constrained in their capabilities,
    >      more than general-purpose programmable hosts (PCs, servers,
    >      laptops, tablets, etc.), routers, middleboxes, etc.  While this is
    >      a fuzzy boundary, it reflects the current understanding of IoT.  A
    >      more detailed treatment of some of the constraints of IoT devices
    >      can be found in [RFC7228].
    >
    >Not sure if we want a separate document, as it seems to me that the requirements are very close or we may need to reword a bit the text above to make it more clear, etc.
    
    We already have a separate document: https://tools.ietf.org/html/rfc7084 "IPv6 CE Router Requirements"
    
    It says CPE router SHOULD support 6rd and SHOULD support DS-Lite.
    
    
    Lee
    
    
    >
    >Also is BCP the way if we want authorities to mandate it?
    >
    >Saludos,
    >Jordi
    >
    >
    >-----Mensaje original-----
    >De: homenet <homenet-bounces@ietf.org> en nombre de Tim Chown <Tim.Chown@jisc.ac.uk>
    >Responder a: <Tim.Chown@jisc.ac.uk>
    >Fecha: viernes, 4 de noviembre de 2016, 12:43
    >Para: "homenet@ietf.org" <homenet@ietf.org>
    >CC: "hannes.tschofenig@gmx.net" <hannes.tschofenig@gmx.net>, Keith Moore <moore@network-heretics.com>, "rbarnes@mozilla.com" <rbarnes@mozilla.com>
    >Asunto: Re: [homenet] write up of time without clocks
    >
    >    
    >    
    >    
    >    Hi,
    >    
    >    
    >    On 4 Nov 2016, at 08:34, JORDI PALET MARTINEZ <jordi.palet@consulintel.es> wrote:
    >    
    >    Exactly. Same as we have regulations like UL, FCC, EC, etc., the same certifications must care about a minimum set of security, upgradeability, etc., features.
    >    
    >    So the extra cost for the vendors is almost cero if we are talking about the same certifications entities, just new test added to the actual sets.
    >    
    >    If you don’t comply the certification, your products will not be accepted in customs from a very high number of countries, so you will be somehow forced to follow them.
    >    
    >    The question here, is homenet the right venue for creating those minimum requirements?
    >    
    >    
    >    
    >    
    >    
    >    
    >    Perhaps contribute to draft-moore-iot-security-bcp-00?
    >    
    >    
    >    See https://tools.ietf.org/html/draft-moore-iot-security-bcp-00
    >    
    >    
    >    This was submitted at the Seoul deadline.  Authors copied.
    >    
    >    
    >    Tim
    >    
    >    
    >    
    >    Regards,
    >    Jordi
    >    
    >    
    >    -----Mensaje original-----
    >    De: homenet <homenet-bounces@ietf.org> en nombre de "STARK, BARBARA H" <bs7652@att.com>
    >    Responder a: <bs7652@att.com>
    >    Fecha: jueves, 3 de noviembre de 2016, 21:19
    >    Para: Markus Stenberg <markus.stenberg@iki.fi>, Brian E Carpenter <brian.e.carpenter@gmail.com>
    >    CC: Philip Homburg <pch-homenet-2@u-1.phicoh.com>, "homenet@ietf.org" <homenet@ietf.org>, Juliusz Chroboczek
    >     <jch@pps.univ-paris-diderot.fr>
    >    Asunto: Re: [homenet] write up of time without clocks
    >    
    >    
    >    Yes, I agree it's possible to do better, but what's the incentive for
    >    a bottom-feeding vendor of cheap devices to bother?
    >    
    >    
    >    
    >    I hate to say this, but how about legal solutions? 
    >    
    >    
    >    
    >       My reading of the tea leaves: either the industry creates its own certification plan, or the regulators will do it for us.
    >       Here is a data point:
    >       https://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/
    >       In the US, both the FCC and FTC are showing keen interest.
    >       I'd rather the industry get there first.
    >       And, BTW, it's also been suggested that devices list their "end of life" date when they're sold. After which no updates may be provided. And remotely-triggered "kill switch" may be used if a bad vulnerability is discovered after that date.
    >    
    >       Another recommendation is default passwords be unique per device, and not easily determined from MAC address, firmware revision, etc., and be changeable.
    >    
    >       That is, it's not just about upgradability. It is also passwords, encryption, and messaging/promises/guarantees that are made.
    >       Just like cars now have seatbelts, front and side airbags, crumple zones, and lemon laws.
    >       There are a number of industry whitepapers coming out on this topic, and conferences/meetings being held. It's all the rage right now.
    >    
    >    
    >       Barbara
    >       _______________________________________________
    >       homenet mailing list
    >       homenet@ietf.org
    >       https://www.ietf.org/mailman/listinfo/homenet
    >    
    >    
    >    
    >    
    >    
    >    **********************************************
    >    IPv4 is over
    >    Are you ready for the new Internet ?
    >    http://www.consulintel.es
    >    The IPv6 Company
    >    
    >    This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or
    >     use of the contents of this information, including attached files, is prohibited.
    >    
    >    
    >    
    >    _______________________________________________
    >    homenet mailing list
    >    homenet@ietf.org
    >    https://www.ietf.org/mailman/listinfo/homenet
    >    
    >    
    >    
    >    
    >    
    >    
    >    
    >    
    >    
    >    _______________________________________________
    >    homenet mailing list
    >    homenet@ietf.org
    >    https://www.ietf.org/mailman/listinfo/homenet
    >    
    >
    >
    >
    >**********************************************
    >IPv4 is over
    >Are you ready for the new Internet ?
    >http://www.consulintel.es
    >The IPv6 Company
    >
    >This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
    >
    >
    >
    >_______________________________________________
    >homenet mailing list
    >homenet@ietf.org
    >https://www.ietf.org/mailman/listinfo/homenet
    _______________________________________________
    homenet mailing list
    homenet@ietf.org
    https://www.ietf.org/mailman/listinfo/homenet
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.

v2.23.0 | Report a Bug | By Email