Re: Getting on with Things
Eliot Lear <lear@cisco.com> Wed, 09 March 2016 18:14 UTC
Subject: Re: Getting on with Things
To: adrian@olddog.co.uk, 'Michael Richardson' <mcr@sandelman.ca>, 'Phillip Hallam-Baker' <phill@hallambaker.com>
References: <E83FC2B4-867D-44C9-AE1B-F4C414ABD041@piuha.net> <4A95BA014132FF49AE685FAB4B9F17F657DF2330@dfweml701-chm> <EDFB7D0B-2A49-46BD-A84C-0E1FA07793FA@piuha.net> <20160307133944.GB25576@gsp.org> <56DD876C.6050008@cs.tcd.ie> <CAMm+LwiBT9S-twGVzC-7yVBZ9dHA3+8f4ffPv3LyoZ_8+kdqmw@mail.gmail.com> <9059.1457534150@obiwan.sandelman.ca> <56E043FA.5060205@cisco.com> <00e301d17a24$2d48eba0$87dac2e0$@olddog.co.uk>
From: Eliot Lear <lear@cisco.com>
Message-ID: <56E067EC.5010804@cisco.com>
Date: Wed, 09 Mar 2016 19:14:04 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <00e301d17a24$2d48eba0$87dac2e0$@olddog.co.uk>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="kRdjp3xa1J5AwO4IKnqakrVo3O8Hi3MiV"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/zLEgSMy2E8kio1IJddSagGvvFsc>
Cc: 'IETF' <ietf@ietf.org>, 'Rich Kulawiec' <rsk@gsp.org>
Hi Adrian and thanks for your comment.

On 3/9/16 5:53 PM, Adrian Farrel wrote:
> Eliot,
>
> Picking one piece out of your MUD...
>
>> I've floated an idea in draft-lear-mud-framework-00.txt which talks a
>> little about this. The idea is to learn what the Thing is and then have
>> its manufacturer communicate to a deployment how the thing is intended
>> to be used.
> This approach worries me. While the manufacturer might not object to this,
> the user and the system integrator should. The fact that a device was
> manufactured for foo should not stop it being used for bar.
>

I imagine you'll not be surprised to know that you're not the first to raise this concern. And it plays in at least two directions: devices are given too little or too much access. Some time ago, Cullen pointed me to the case of a television that he would like not to have access to the Internet, lest its microphone send stuff upstream to the manufacturer. That is actually the harder problem, because the manufacturer will offer other services, perhaps some of them vital, that the network will not be able to distinguish from the unwanted services, perhaps through HTTP2/TLS.

But let's stick to your concern for the moment. First, a great many devices will have a limited number of uses. In these cases, there is little if any tussle, as Carsten put it. Printers print. They may accept numerous protocols to accomplish this task (such as LPD, IPP, etc.). Limiting inbound access to those protocols seems reasonable and addresses the cases where:

* someone accidentally left the SSH (or some other) code in;
* the device is misbehaving (e.g., stepping out of that profile);
* someone is attempting to talk to that device that has no business printing (this might be the null set as far as the example of printing is concerned, but you can envision many cases where that would not be true).

Moreover, in this case, because these rules are intended as guidance to the router, it should be possible for the administrator to override or modify them. The administrator might want to apply different rules based on the class of device. The approach taken separates identity of the type of device from the usage description itself, and the former may be used without the latter if that is desired.

Eliot
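The printer profile, router guidance and administrator override described in the message above, as an added example that is not part of this thread or of draft-lear-mud-framework; the rule format, the "acme-printer" device-type label and the sample flows are all constructed for illustration:

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    direction: str  # "in" (to the device) or "out" (from the device)
    proto: str      # "tcp" or "udp"
    port: int
    action: str     # "allow" or "deny"

@dataclass
class UsageDescription:
    device_type: str            # identity of the type of device
    rules: list = field(default_factory=list)

# Constructed manufacturer profile: a printer accepts only print protocols.
PRINTER_MUD = UsageDescription("acme-printer", [
    Rule("in", "tcp", 515, "allow"),  # LPD
    Rule("in", "tcp", 631, "allow"),  # IPP
])

# Identity is kept separate from the description: a known type may have none.
DESCRIPTIONS = {PRINTER_MUD.device_type: PRINTER_MUD}

def policy_for(device_type, admin_overrides=()):
    """Router-side policy: administrator rules first, then the manufacturer's.
    Returns None when no usage description is known for this device type."""
    mud = DESCRIPTIONS.get(device_type)
    if mud is None:
        return None
    return list(admin_overrides) + list(mud.rules)

def evaluate(rules, direction, proto, port):
    """First matching rule wins; anything the profile does not mention is denied."""
    for r in rules:
        if (r.direction, r.proto, r.port) == (direction, proto, port):
            return r.action
    return "deny"

def audit_flows(rules, flows):
    """Flows the policy would block: a peer with no business talking to the
    device, or the device itself stepping outside its profile."""
    return [f for f in flows if evaluate(rules, *f) == "deny"]

# Constructed flow records as (direction, proto, port).
SAMPLE_FLOWS = [
    ("in", "tcp", 631),   # normal IPP print job
    ("in", "tcp", 22),    # SSH that someone accidentally left in the firmware
    ("in", "tcp", 515),   # normal LPD print job
    ("out", "tcp", 443),  # printer phoning home
]
```

Running `audit_flows(policy_for("acme-printer"), SAMPLE_FLOWS)` lists the leftover SSH and the outbound call-home as out of profile; an administrator override such as `Rule("out", "tcp", 443, "allow")` placed ahead of the manufacturer's rules changes the verdict without editing the profile.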