Re: [Spud] SPUD's open/close are unconvincing

Eliot Lear <lear@cisco.com> Thu, 09 April 2015 17:36 UTC

To: Tom Herbert <tom@herbertland.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/o5akpgeQtHDfi6NveYReLZOJGsw>
Cc: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "spud@ietf.org" <spud@ietf.org>

Hi,

On 4/9/15 7:22 PM, Tom Herbert wrote:

> The major Internet security problem now is in embedded systems which
> are not maintained (which notably includes middleboxes like home
> routers) (https://www.schneier.com/essays/archives/2014/01/the_internet_of_thin.html).

While it's true home routers get 0wned, they are actually not the
biggest problem.  The biggest problem will be the orders of magnitude
more boxes that are behind those boxes (for those keeping score, home
routers = O(1), and a house full might very quickly rise to O(100)).  Of
those, maybe O(10) will ever see an update, and those will be general
purpose computing devices, and they will only get an update under the
best of circumstances.  This wouldn't normally be germane to SPUD, but
the "I hate middleboxes" mentality only gets you so far.

> This is not an OS, userspace, or firmware issue, or even a protocol
> issue -- but this is an issue with the software deployment model of a
> wide array of products. I don't know how SPUD will be able to help
> solve this, but it should at least not make things less secure.

It is all of the above, but the fact is that it is also a UI issue, a
trust problem, and an economics problem.

Eliot