Re: [perpass] Tiny stacks
Richard Barnes <rlb@ipv.sx> Mon, 09 December 2013 23:21 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6A7E1ADE8B for <perpass@ietfa.amsl.com>; Mon, 9 Dec 2013 15:21:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 84UcxuBQKvrt for <perpass@ietfa.amsl.com>; Mon, 9 Dec 2013 15:21:29 -0800 (PST)
Received: from mail-ob0-f171.google.com (mail-ob0-f171.google.com [209.85.214.171]) by ietfa.amsl.com (Postfix) with ESMTP id DD0F01AD8EE for <perpass@ietf.org>; Mon, 9 Dec 2013 15:21:28 -0800 (PST)
Received: by mail-ob0-f171.google.com with SMTP id wp18so4540794obc.30 for <perpass@ietf.org>; Mon, 09 Dec 2013 15:21:23 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=cU6Ci7CCIpPlL5VEN/hn8jw6yBRxJZBweJ4lTaktQM0=; b=SVwIKcUrnOLOt1AZpkYm2hqmp7iCucj8BlD0J8chABixYLN3AeBzU68zyVZ4OollF+ boZEc7SG8ijKlxZs62KTt2O2BL0+mIyhlGF0WKbmWtfylHI+y8Z5oW9ygXzvmw/7LJ/Z Ha03n15A897Qwi2D02QCGf1fGrDmfsAzChB7vNBpELGq41CQuIV7oIdl9889jhixqUBg VZiYVVdwFUp3wDRKpdSUKMLlyuelNzc1FUPpJorqva+bgqnX2TLW4XhIGpc25HB8QQkZ jXTDp5zBGJf/Lwapo0mYxF10WJSetGeZ2K6rugqKQniFVDrNXVZnkveRubrChVoKv0/w ZoGQ==
X-Gm-Message-State: ALoCoQkFI6fQXDumQGdsnXeD5yrJHdnCn2+pbOVArBh3cqCcOztuTjaNB+uCezM2+E/l06bCUCe0
MIME-Version: 1.0
X-Received: by 10.182.107.164 with SMTP id hd4mr4523359obb.58.1386631283755; Mon, 09 Dec 2013 15:21:23 -0800 (PST)
Received: by 10.60.31.74 with HTTP; Mon, 9 Dec 2013 15:21:23 -0800 (PST)
In-Reply-To: <CABkgnnWX+=7Ui28RKNhN5_mwg9Sd3SbE1d4gvj7mUUXFO-ze3w@mail.gmail.com>
References: <290E20B455C66743BE178C5C84F1240847E5103799@EXMB01CMS.surrey.ac.uk> <2C66A416-5F07-4803-A4C0-BB61734BA42E@nominum.com> <290E20B455C66743BE178C5C84F1240847E510379A@EXMB01CMS.surrey.ac.uk> <529F7690.2050302@gmx.net> <290E20B455C66743BE178C5C84F1240847E510379C@EXMB01CMS.surrey.ac.uk> <52A1BBBC.9090509@cs.tcd.ie> <290E20B455C66743BE178C5C84F1240847E510379D@EXMB01CMS.surrey.ac.uk> <52A4D7D9.9000603@cs.tcd.ie> <52A4E412.4030804@gmail.com> <72B86100-E73E-46BD-ABD6-8E35D56DBDDA@cisco.com> <52A61E4C.6020403@gmail.com> <52A62E98.2060705@gmx.net> <52A63CF9.7020303@gmail.com> <CAL02cgRYNNC7Emx=98a621PTPHDweLRTc=wjVhpRo-5yhVD=-Q@mail.gmail.com> <CABkgnnWX+=7Ui28RKNhN5_mwg9Sd3SbE1d4gvj7mUUXFO-ze3w@mail.gmail.com>
Date: Mon, 09 Dec 2013 18:21:23 -0500
Message-ID: <CAL02cgRs69O4NueRCBjea1tdCw5mXNUQcfNeZFhGN58HjS4dvQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: multipart/alternative; boundary="089e01175e4d1a608404ed2241df"
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] Tiny stacks
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 23:21:31 -0000
On Mon, Dec 9, 2013 at 6:07 PM, Martin Thomson <martin.thomson@gmail.com>wrote: > On 9 December 2013 15:03, Richard Barnes <rlb@ipv.sx> wrote: > > In point of fact, most of the interesting IoT vulnerabilities we've seen > so > > far have not been due to either of the above problems, but rather to > > manufacturers making stupid decisions that couldn't have been fixed by > any > > number of RFCs. > > Do you mean to say that RFCs are not the place to address this > introduction problem, or that people ignore RFCs? The latter is > something we already deal with; the former seems doable, were there > the will to do so. > I'm thinking of things like these... < http://thehackernews.com/2013/08/hacking-HP-printers-Vulnerability-wifi-password.html# > <http://bgr.com/2013/11/20/lg-smart-tv-spying/> ... which do not seem like RFC-able things (so, the latter). Both are poor design decisions; the first not applying authentication/authorization, and the second, well, just epically failing. What are you going to do, require someone to set a jumper for DNT?
- [perpass] Commnets on draft-farrell-perpass-attac… l.wood
- Re: [perpass] Commnets on draft-farrell-perpass-a… Ted Lemon
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Phillip Hallam-Baker
- Re: [perpass] Commnets on draft-farrell-perpass-a… l.wood
- Re: [perpass] Commnets on draft-farrell-perpass-a… Ted Lemon
- Re: [perpass] Commnets on draft-farrell-perpass-a… Theodore Ts'o
- Re: [perpass] Commnets on draft-farrell-perpass-a… Hannes Tschofenig
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Mark Nottingham
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Jacob Appelbaum
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Jacob Appelbaum
- Re: [perpass] Commnets on draft-farrell-perpass-a… Phillip Hallam-Baker
- Re: [perpass] Commnets on draft-farrell-perpass-a… Bruce Perens
- Re: [perpass] Commnets on draft-farrell-perpass-a… Stephane Bortzmeyer
- Re: [perpass] Commnets on draft-farrell-perpass-a… Josh Howlett
- Re: [perpass] Commnets on draft-farrell-perpass-a… Stephen Farrell
- Re: [perpass] Commnets on draft-farrell-perpass-a… Josh Howlett
- Re: [perpass] Commnets on draft-farrell-perpass-a… Stephen Farrell
- Re: [perpass] Commnets on draft-farrell-perpass-a… Josh Howlett
- Re: [perpass] Commnets on draft-farrell-perpass-a… Stephen Farrell
- [perpass] Tiny stacks Brian E Carpenter
- Re: [perpass] Tiny stacks Richard Barnes
- Re: [perpass] Tiny stacks Robin Wilton
- Re: [perpass] Tiny stacks Paul Ferguson
- Re: [perpass] Tiny stacks Hannes Tschofenig
- [perpass] Way forward? [Was: Tiny stacks] Martin Millnert
- Re: [perpass] Tiny stacks Brian E Carpenter
- Re: [perpass] Tiny stacks Phillip Hallam-Baker
- Re: [perpass] Tiny stacks Richard Barnes
- Re: [perpass] Tiny stacks Martin Thomson
- Re: [perpass] Tiny stacks Stephen Farrell
- Re: [perpass] Tiny stacks Richard Barnes
- Re: [perpass] Tiny stacks Bjoern Hoehrmann
- Re: [perpass] Tiny stacks Richard Barnes
- Re: [perpass] Tiny stacks Stephen Farrell
- Re: [perpass] Tiny stacks Stephen Farrell
- Re: [perpass] Tiny stacks Brian E Carpenter
- Re: [perpass] Tiny stacks Phillip Hallam-Baker
- Re: [perpass] Tiny stacks Stephen Farrell
- Re: [perpass] Tiny stacks Phillip Hallam-Baker
- Re: [perpass] Tiny stacks Robin Wilton
- Re: [perpass] Tiny stacks Joseph Lorenzo Hall
- Re: [perpass] Tiny stacks Scott Brim
- Re: [perpass] Tiny stacks Scott Brim
- Re: [perpass] Tiny stacks Phillip Hallam-Baker
- Re: [perpass] Tiny stacks Dean Willis