IETF Logo Mail Archive

Re: [Spud] SPUD's open/close are unconvincing

Toerless Eckert <eckert@cisco.com> Thu, 09 April 2015 17:46 UTC

Return-Path: <eckert@cisco.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9927F1B2FFF for <spud@ietfa.amsl.com>; Thu, 9 Apr 2015 10:46:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zD7HaVyzI2K9 for <spud@ietfa.amsl.com>; Thu, 9 Apr 2015 10:46:06 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FC861B2FFE for <spud@ietf.org>; Thu, 9 Apr 2015 10:46:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2972; q=dns/txt; s=iport; t=1428601566; x=1429811166; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=stGsGOo14fZPzEYPwRK4MmL4gbmnWUybaogV5tElq20=; b=HLOC3/TuhRTJ0xDVyymZZEUJL4Wu83u9qpI+zpVHSwnAOw4ZKfoDLaQi 6ZhEXmns4+swrl/T5TKfeD54sPyeIlAbP8gGikgJIRi85r/NJ+NPpCQVL 5tuJzyl6fCTZPU38ordjGANrwZAoHFxt/DmnMBgozpS4Do4Gf8h/J/JUe k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BOBADwuSZV/4wNJK1cgwhSXMRHCYFVhXsCgUQ4FAEBAQEBAQF9hCABAQQ6PxALGAklDwVJE4gqDc5DAQEBAQEBAQEBAQEBAQEBAQEBAQEBEwSLK4QjBwEBB0kHhC0FiyePXQGBHYM6kA4ihA8eMQGBAQEIF4EhAQEB
X-IronPort-AV: E=Sophos;i="5.11,551,1422921600"; d="scan'208";a="139784754"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-2.cisco.com with ESMTP; 09 Apr 2015 17:46:05 +0000
Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id t39Hk4xi027577 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 9 Apr 2015 17:46:05 GMT
Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id t39Hk4Zh024894; Thu, 9 Apr 2015 10:46:04 -0700
Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id t39Hk3hJ024892; Thu, 9 Apr 2015 10:46:03 -0700
Date: Thu, 9 Apr 2015 10:46:03 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Tom Herbert <tom@herbertland.com>
Message-ID: <20150409174603.GX24286@cisco.com>
References: <87iod631nv.fsf@alice.fifthhorseman.net> <DM2PR0301MB06555C7D7F32A69214405D44A8FC0@DM2PR0301MB0655.namprd03.prod.outlook.com> <20150408193920.GD24286@cisco.com> <871tju2rdq.fsf@alice.fifthhorseman.net> <20150409012229.GG24286@cisco.com> <CALx6S35NH9yPZxeARTic10b0jFEi8aC4Gmt79cxuzF_VpYYqLA@mail.gmail.com> <20150409041507.GJ24286@cisco.com> <CAMm+LwgD8Foe=JdJvZ4oeuhGkJJvUaNOsCJATGDsRmBwN4en_w@mail.gmail.com> <CALx6S37PO+1_iqv44-QtNT_=ThMBbffOa-vNtG8wLSyFoGYU4A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALx6S37PO+1_iqv44-QtNT_=ThMBbffOa-vNtG8wLSyFoGYU4A@mail.gmail.com>
User-Agent: Mutt/1.4.2.2i
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/NOOMyzNtwGxmhwAF0XzTQdRFuW0>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] SPUD's open/close are unconvincing
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2015 17:46:12 -0000

Glad you didn't ask how SPUD can solve world peace, because i am
still researching that aspect.

There is a lot of work going on wit security models of device deployment,
you may want to look at 6LO, 6TISCH, ACE, DICE, ANIMA and there is a
lot more outside the IETF. I would see that work as prerequisites
to move forward.

IN general, i think there is one good and sane device operations method,
in IoT which is to NOT upgrade the OS after initial device deployment,
but just upgrade/modify applications. And with SPUD, that means you
now can upgrade/fix/improve transport layer.

Just think of the problem of network based self-upgrade of OS SW in a
reliable fashion with limited Flash/NAND storage or the operational
issues in IoT for a PXE/AMT Sw upgrade workflow. Lots of challenges with that.

Just strip down the OS to the bare minimum for operations with a strong
security perimeter, do the rest at the app-level.

Cheers
    Toerless

On Thu, Apr 09, 2015 at 10:22:59AM -0700, Tom Herbert wrote:
> On Thu, Apr 9, 2015 at 6:09 AM, Phillip Hallam-Baker
> <phill@hallambaker.com> wrote:
> > On Thu, Apr 9, 2015 at 12:15 AM, Toerless Eckert <eckert@cisco.com> wrote:
> >> On Wed, Apr 08, 2015 at 08:46:24PM -0700, Tom Herbert wrote:
> >>> I think the kernel/user-land argument is a red herring.
> >>
> >> Elaborate please. To me its probably the biggest motivator for
> >> SPUD. Otherwise we could design all we need into IP and TCP.
> >
> > TCP should probably not happen in the kernel either. Nor should
> > printer drivers be in the kernel or anything that does not require the
> > intermediation of the security monitor.
> >
> > Looking at the shoot-yourself-in-the-foot opportunities in the IPv6
> > encoding, I am not exactly anxious to put all those untrusted code
> > paths in a position where they can root the machine.
> >
> > One of the main reasons the current generation of O/S are chronically
> > insecure is that 90% of the stuff that is inside the security
> > perimeter has no business being there.
> >
> The major Internet security problem now is in embedded systems which
> are not maintained (which notably includes middleboxes  like home
> routers) (https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html).
> This is not a OS, userspace, or firmware issue, or even protocol a
> issue-- but this is an issue with the software deployment model of a
> wide array of products. I don't know how SPUD will be able to help
> solve this, but it should at least not make things less secure.
> 
> >
> > At this point TCP is water under the bridge. But that does not mean we
> > are obliged to remake the mistake.
> >
> > When TCP was designed, the mantra was 'everything is a stream'. That
> > was the right abstraction for Telnet and FTP and Mail. It is probably
> > not the right abstraction for real time web where an unreliable
> > sequence of chunks seems a better fit.

v2.8.7 | Report a Bug | By Email