Re: [perpass] Tiny stacks

Phillip Hallam-Baker <hallam@gmail.com> Tue, 10 December 2013 00:43 UTC

In-Reply-To: <52A66042.9060801@gmail.com>
References: <290E20B455C66743BE178C5C84F1240847E5103799@EXMB01CMS.surrey.ac.uk> <2C66A416-5F07-4803-A4C0-BB61734BA42E@nominum.com> <290E20B455C66743BE178C5C84F1240847E510379A@EXMB01CMS.surrey.ac.uk> <529F7690.2050302@gmx.net> <290E20B455C66743BE178C5C84F1240847E510379C@EXMB01CMS.surrey.ac.uk> <52A1BBBC.9090509@cs.tcd.ie> <290E20B455C66743BE178C5C84F1240847E510379D@EXMB01CMS.surrey.ac.uk> <52A4D7D9.9000603@cs.tcd.ie> <52A4E412.4030804@gmail.com> <72B86100-E73E-46BD-ABD6-8E35D56DBDDA@cisco.com> <52A61E4C.6020403@gmail.com> <52A62E98.2060705@gmx.net> <52A63CF9.7020303@gmail.com> <CAL02cgRYNNC7Emx=98a621PTPHDweLRTc=wjVhpRo-5yhVD=-Q@mail.gmail.com> <52A65049.2070903@cs.tcd.ie> <52A66042.9060801@gmail.com>
Date: Mon, 09 Dec 2013 19:43:21 -0500
Message-ID: <CAMm+LwhQXewmAX4-uAVABRs64cTcS3jiNx1nReUh+Q6B9HCH-w@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Richard Barnes <rlb@ipv.sx>, "Stewart Bryant (stbryant)" <stbryant@cisco.com>, perpass <perpass@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] Tiny stacks
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>

On Mon, Dec 9, 2013 at 7:28 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:

> On 10/12/2013 12:20, Stephen Farrell wrote:
> ...
> > It's not directly relevant to pervasive monitoring, but IMO the
> > worst security thing about tiny devices is the lack of s/w or
> > firmware update. Without that, we're basically screwed istm. And
> > we don't look like we're getting that, not even in proprietary
> > flavours. Or maybe I'm out of date on that? Would love to be.
>
> We're not screwed if (and only if) such devices can only communicate
> with the rest of the world via some larger box. That needs to
> include all forms of communication, of course, including near-field,
> to avoid walk-by snooping.
>
> Indeed I am not sure that's possible. At some point we'll need
> to start suspecting give-away pens of being surveillance devices
> distributed by the thousand.
We are already at that point with USB memory sticks. Quite a few have ended
up being corrupted with malware.

There is certainly a need here and it is significant. But I think the
answers are going to have to be regulation and audits and the like.

What we can do about this in the IETF is quite limited. What we could do is
to have some sort of device registration protocol whereby the device gains
access to the network by first proposing a 'contract' specifying all the
ports and protocols it is going to speak. The network infrastructure could
then default-deny any access outside that contract.

This would then reduce the audit task from observing the behavior of the
device to checking the facilities it asks for and seeing if they are
acceptable.
-- 
Website: http://hallambaker.com/
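The registration "contract" proposed in the message above, worked through as an added example that is not part of the original thread (the idea was later standardized in a different form as MUD, RFC 8520). A device hands the network a list of every flow it intends to use; the network compiles that list into explicit allow rules followed by a default deny, and an auditor compares the requested facilities against what the site considers acceptable rather than watching the device's traffic. The contract format, the field names, the "sensor-7" device, the addresses and the acceptable-facilities table are all constructed for this example.

```python
"""Device contract -> default-deny policy, plus an audit of the contract.

Added example, not code from the perpass thread. The contract schema,
the sample device and all addresses below are assumptions made for
illustration; no IETF protocol with these field names exists.
"""
import ipaddress
from dataclasses import dataclass

# Constructed contract for a hypothetical device "sensor-7": every
# port/protocol/peer it proposes to speak, in either direction.
SENSOR_CONTRACT = {
    "device": "sensor-7",
    "flows": [
        {"dir": "out", "proto": "udp", "dst": "10.0.0.53/32",    "dport": 53},   # DNS to local resolver
        {"dir": "out", "proto": "tcp", "dst": "203.0.113.0/24",  "dport": 443},  # HTTPS to vendor range
        {"dir": "out", "proto": "udp", "dst": "10.0.0.123/32",   "dport": 123},  # NTP to local server
        {"dir": "in",  "proto": "tcp", "src": "10.0.1.0/24",     "dport": 22},   # SSH from an admin LAN
    ],
}

# What the site's auditor is prepared to grant: (dir, proto, port) -> widest peer network.
ACCEPTABLE = {
    ("out", "udp", 53):  ipaddress.ip_network("10.0.0.0/24"),
    ("out", "tcp", 443): ipaddress.ip_network("203.0.113.0/24"),
    ("out", "udp", 123): ipaddress.ip_network("10.0.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    direction: str               # "out" or "in"
    proto: str                   # "tcp", "udp" or "*" for the default-deny rules
    peer: ipaddress._BaseNetwork # remote network: dst for "out", src for "in"
    dport: int                   # 0 means any port
    action: str                  # "allow" or "deny"


def _peer_net(flow):
    key = "dst" if flow["dir"] == "out" else "src"
    return ipaddress.ip_network(flow[key], strict=True)


def compile_policy(contract):
    """Turn the contract into an ordered rule list: one allow per declared flow,
    then a default deny in each direction. Anything not asked for is blocked."""
    rules = [Rule(f["dir"], f["proto"].lower(), _peer_net(f), int(f["dport"]), "allow")
             for f in contract["flows"]]
    any_v4 = ipaddress.ip_network("0.0.0.0/0")
    rules.append(Rule("out", "*", any_v4, 0, "deny"))
    rules.append(Rule("in", "*", any_v4, 0, "deny"))
    return rules


def decide(rules, direction, proto, peer_ip, dport):
    """First-match evaluation of one flow against the compiled policy."""
    ip = ipaddress.ip_address(peer_ip)
    for r in rules:
        if r.direction != direction or r.proto not in ("*", proto.lower()):
            continue
        if ip.version != r.peer.version or ip not in r.peer:
            continue
        if r.dport not in (0, dport):
            continue
        return r.action
    return "deny"  # unreachable with the trailing default-deny rules; kept as a safety net


def audit_contract(contract, acceptable):
    """The audit step from the message: return every requested flow that is not
    covered by the acceptable table, either an unknown (dir, proto, port) or a
    peer network wider than the one the site allows."""
    findings = []
    for f in contract["flows"]:
        key = (f["dir"], f["proto"].lower(), int(f["dport"]))
        net = _peer_net(f)
        allowed = acceptable.get(key)
        if allowed is None or net.version != allowed.version or not net.subnet_of(allowed):
            findings.append(f)
    return findings


if __name__ == "__main__":
    policy = compile_policy(SENSOR_CONTRACT)
    for r in policy:
        print(f"{r.direction:3} {r.proto:3} {str(r.peer):18} port {r.dport or 'any':>4} -> {r.action}")
    print("out tcp 203.0.113.10:443 ->", decide(policy, "out", "tcp", "203.0.113.10", 443))
    print("out tcp 198.51.100.5:443 ->", decide(policy, "out", "tcp", "198.51.100.5", 443))
    print("audit findings:", audit_contract(SENSOR_CONTRACT, ACCEPTABLE))
```

The audit flags only the inbound SSH request, because nothing in the acceptable table grants inbound access at all; the other three flows fall inside networks the site already permits. That is the reduction the message describes: the reviewer reads four lines of contract instead of a packet capture, and the compiled default deny means a device that later tries something it never declared is blocked rather than merely noticed.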