Re: [Spud] OS updates on embedded devices
Christian Huitema <huitema@microsoft.com> Fri, 10 April 2015 01:30 UTC
From: Christian Huitema <huitema@microsoft.com>
To: Tom Herbert <tom@herbertland.com>
Date: Fri, 10 Apr 2015 01:30:41 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/zty_8Te9sT20p5756W85FtWbGyI>
Cc: Toerless Eckert <eckert@cisco.com>,
Phillip Hallam-Baker <phill@hallambaker.com>, Yoav Nir <ynir.ietf@gmail.com>,
"spud@ietf.org" <spud@ietf.org>, Brian Trammell <ietf@trammell.ch>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>

On Thursday, April 9, 2015, at 5:07 PM, Tom Herbert wrote:
> ...
> > Agreed. In particular, "no worse than TCP" is a bit of a low bar. We need to be
> > robust against packet injection attacks.
> >
> That is a good requirement which is directed more at the transport layer itself
> rather than the middleboxes-DPI interaction.

Actually, it is also a requirement on the middleboxes. Take the example of the spoofed reset attack. End-to-end transports can protect themselves easily against that by running on top of DTLS. The spoofed packets will just be dropped because they don't pass authentication. But what if the middlebox just naively closes the port because it saw the "stop" bit in a spoofed packet? The end systems cannot do anything about that.

> ... I don't see that requirements like
> this are listed in the SPUD drafts, have they been enumerated somewhere?

We could use a security analysis for SPUD. Just collecting the messages exchanged recently would be a start.

-- Christian Huitema
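
The spoofed-reset scenario described in the message above, as an added simulation that is not part of the original post. The packet layout, the `STOP` flag value, the HMAC standing in for DTLS authentication, and the `trust_stop_bit` switch are all assumptions made for illustration; none of it is SPUD's wire format.

```python
import hashlib
import hmac

KEY = b"constructed-session-key"  # known only to the two endpoints (stand-in for DTLS keys)
STOP = 0x01                       # hypothetical path-visible "stop" flag

def _mac(key, flow, flags, payload):
    return hmac.new(key, flow.encode() + bytes([flags]) + payload, hashlib.sha256).digest()

def make_packet(flow, flags, payload, key=None):
    """Constructed toy packet: cleartext (flow, flags) header, payload, endpoint-only MAC."""
    tag = _mac(key, flow, flags, payload) if key else b"\x00" * 32  # no key: bogus tag
    return {"flow": flow, "flags": flags, "payload": payload, "tag": tag}

def endpoint_accepts(pkt, key=KEY):
    """Endpoint check: packets that fail authentication are dropped."""
    expected = _mac(key, pkt["flow"], pkt["flags"], pkt["payload"])
    return hmac.compare_digest(expected, pkt["tag"])

class Middlebox:
    """Per-flow state table. It holds no keys, so it cannot authenticate anything."""
    def __init__(self, trust_stop_bit):
        self.trust_stop_bit = trust_stop_bit
        self.flows = set()

    def open(self, flow):
        self.flows.add(flow)

    def observe(self, pkt):
        """Return True if the packet is forwarded toward the endpoint."""
        if pkt["flow"] not in self.flows:
            return False                      # no state: packet is dropped on the path
        if self.trust_stop_bit and pkt["flags"] & STOP:
            self.flows.discard(pkt["flow"])   # naive: tear down state on an unverified bit
        return True  # a real device would still age state out on an idle timer (omitted)

def run(middlebox):
    """Inject one unauthenticated stop packet, then send genuine data on the same flow."""
    flow = "A<->B"                            # constructed flow identifier
    middlebox.open(flow)
    spoofed = make_packet(flow, STOP, b"")    # sender has no session key
    middlebox.observe(spoofed)
    endpoint_dropped_spoof = not endpoint_accepts(spoofed)
    genuine = make_packet(flow, 0, b"data", key=KEY)
    delivered = middlebox.observe(genuine) and endpoint_accepts(genuine)
    return endpoint_dropped_spoof, delivered

if __name__ == "__main__":
    print("trusting stop bit:", run(Middlebox(trust_stop_bit=True)))
    print("ignoring stop bit:", run(Middlebox(trust_stop_bit=False)))
```

In both runs the endpoint rejects the spoofed packet, but only the middlebox that acts on the unverified bit stops delivering the genuine traffic that follows.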