IETF Logo Mail Archive

Re: [Spud] SPUD's open/close are unconvincing

Toerless Eckert <eckert@cisco.com> Thu, 09 April 2015 18:51 UTC

Return-Path: <eckert@cisco.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6CD881A8827 for <spud@ietfa.amsl.com>; Thu, 9 Apr 2015 11:51:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r9M25GrLkHtf for <spud@ietfa.amsl.com>; Thu, 9 Apr 2015 11:51:27 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E7A31A882F for <spud@ietf.org>; Thu, 9 Apr 2015 11:51:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4294; q=dns/txt; s=iport; t=1428605484; x=1429815084; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=fYatKimSngwhuDQWn2Vrtx0CidF6ZXx9oKn3QjWLEIk=; b=fST2w430ixjzZC4gLAeUTtlZQ5Bm+aH6RDPzOaCiGY6kbDVN77PPZnIP oI3tk7FXrTZG8Qq1+DY2un6KoSRBT3bU0FjD5l/+GPW4yxB2IFMsc7Nnx E5VtRZEgoFbBeJl83vI+NL0tVOhimZfdYL6rg+T4NbE2NGeIHYrP7k6Z8 E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CKBQCxySZV/4sNJK1cgwhSXMYohX8CgUVMAQEBAQEBfoQgAQEEOj8QCxgJJQ8FSROIKg3OTgEBAQEBAQEBAQEBAQEBAQEBAQEBARMEiyuEIwcBAQcHQgeELQWLK49gAYEdgzeMQ4NLIoIDHIFwHjEBgQEBAQcXgSEBAQE
X-IronPort-AV: E=Sophos;i="5.11,551,1422921600"; d="scan'208";a="410566313"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-3.cisco.com with ESMTP; 09 Apr 2015 18:51:23 +0000
Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id t39IpN0m004594 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 9 Apr 2015 18:51:23 GMT
Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id t39IpMlp029362; Thu, 9 Apr 2015 11:51:22 -0700
Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id t39IpL6n029361; Thu, 9 Apr 2015 11:51:21 -0700
Date: Thu, 9 Apr 2015 11:51:21 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Tom Herbert <tom@herbertland.com>
Message-ID: <20150409185121.GZ24286@cisco.com>
References: <DM2PR0301MB06555C7D7F32A69214405D44A8FC0@DM2PR0301MB0655.namprd03.prod.outlook.com> <20150408193920.GD24286@cisco.com> <871tju2rdq.fsf@alice.fifthhorseman.net> <20150409012229.GG24286@cisco.com> <CALx6S35NH9yPZxeARTic10b0jFEi8aC4Gmt79cxuzF_VpYYqLA@mail.gmail.com> <20150409041507.GJ24286@cisco.com> <CAMm+LwgD8Foe=JdJvZ4oeuhGkJJvUaNOsCJATGDsRmBwN4en_w@mail.gmail.com> <CALx6S37PO+1_iqv44-QtNT_=ThMBbffOa-vNtG8wLSyFoGYU4A@mail.gmail.com> <20150409174603.GX24286@cisco.com> <CALx6S35ihypT_QGAaf08bmk3_P7XGLVbss0sgASkTuv+_e9NSg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALx6S35ihypT_QGAaf08bmk3_P7XGLVbss0sgASkTuv+_e9NSg@mail.gmail.com>
User-Agent: Mutt/1.4.2.2i
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/Af7MigA4jCub6s7JhtAsgQRvceE>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] SPUD's open/close are unconvincing
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2015 18:51:29 -0000

If all IoT devices could hace a touchscreen and personal operator
bringing them to places for failed upgrade help and 70% of them
would be 48 monthly throwaways that never get upgraded anyhow,
i would certainly want to clone the smartphone operational model
to those IoT devices. 

Just look at the uproar generated recently for security attacks
against BIOSs. You need clear security perimeters, and the
question is why a reliable transport stack for an app would
need to be in a more secure perimeter than the app itself.


On Thu, Apr 09, 2015 at 11:40:20AM -0700, Tom Herbert wrote:
> On Thu, Apr 9, 2015 at 10:46 AM, Toerless Eckert <eckert@cisco.com> wrote:
> > Glad you didn't ask how SPUD can solve world peace, because i am
> > still researching that aspect.
> >
> > There is a lot of work going on wit security models of device deployment,
> > you may want to look at 6LO, 6TISCH, ACE, DICE, ANIMA and there is a
> > lot more outside the IETF. I would see that work as prerequisites
> > to move forward.
> >
> > IN general, i think there is one good and sane device operations method,
> > in IoT which is to NOT upgrade the OS after initial device deployment,
> > but just upgrade/modify applications. And with SPUD, that means you
> > now can upgrade/fix/improve transport layer.
> >
> Well, there's already over a billion smartphones in the world which
> are already regularly updating their OS and this hasn't yet led to
> mass anarchy. You can certainly make avoiding OS updates and avoiding
> OS in general a design point for your products, but this is not a
> relevant design point or requirement for a networking protocol. As I
> said, it's a red herring wrt SPUD.
> 
> > Just think of the problem of network based self-upgrade of OS SW in a
> > reliable fashion with limited Flash/NAND storage or the operational
> > issues in IoT for a PXE/AMT Sw upgrade workflow. Lots of challenges with that.
> >
> > Just strip down the OS to the bare minimum for operations with a strong
> > security perimeter, do the rest at the app-level.
> >
> > Cheers
> >     Toerless
> >
> > On Thu, Apr 09, 2015 at 10:22:59AM -0700, Tom Herbert wrote:
> >> On Thu, Apr 9, 2015 at 6:09 AM, Phillip Hallam-Baker
> >> <phill@hallambaker.com> wrote:
> >> > On Thu, Apr 9, 2015 at 12:15 AM, Toerless Eckert <eckert@cisco.com> wrote:
> >> >> On Wed, Apr 08, 2015 at 08:46:24PM -0700, Tom Herbert wrote:
> >> >>> I think the kernel/user-land argument is a red herring.
> >> >>
> >> >> Elaborate please. To me its probably the biggest motivator for
> >> >> SPUD. Otherwise we could design all we need into IP and TCP.
> >> >
> >> > TCP should probably not happen in the kernel either. Nor should
> >> > printer drivers be in the kernel or anything that does not require the
> >> > intermediation of the security monitor.
> >> >
> >> > Looking at the shoot-yourself-in-the-foot opportunities in the IPv6
> >> > encoding, I am not exactly anxious to put all those untrusted code
> >> > paths in a position where they can root the machine.
> >> >
> >> > One of the main reasons the current generation of O/S are chronically
> >> > insecure is that 90% of the stuff that is inside the security
> >> > perimeter has no business being there.
> >> >
> >> The major Internet security problem now is in embedded systems which
> >> are not maintained (which notably includes middleboxes  like home
> >> routers) (https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html).
> >> This is not a OS, userspace, or firmware issue, or even protocol a
> >> issue-- but this is an issue with the software deployment model of a
> >> wide array of products. I don't know how SPUD will be able to help
> >> solve this, but it should at least not make things less secure.
> >>
> >> >
> >> > At this point TCP is water under the bridge. But that does not mean we
> >> > are obliged to remake the mistake.
> >> >
> >> > When TCP was designed, the mantra was 'everything is a stream'. That
> >> > was the right abstraction for Telnet and FTP and Mail. It is probably
> >> > not the right abstraction for real time web where an unreliable
> >> > sequence of chunks seems a better fit.

-- 
---
Toerless Eckert, eckert@cisco.com

v2.8.7 | Report a Bug | By Email