[v6ops] Re: Traffic control protocols (PCP and UPnP IGD)

[Ted Lemon <mellon@fugue.com>]

I hear you, Gert. I’m not saying that you are wrong to be concerned with
that. What I’m saying is that this isn’t a protocol problem. Further, at
present nobody is doing what you are afraid they will do, and I think the
authors of openssh would be quite offended at your characterization of how
they think although given that “PasswordAuthentication yes” is still
standard in sshd_config, perhaps your cynicism isn’t misplaced.

But the mistake I’m trying to point out is a bit different.

The mistake is thinking that PCP is creating a new problem. That’s not so.
You are already vulnerable to attacks via network programming errors. They
just happen in the other direction: zero click attacks, mal-adware, etc.

Meanwhile, the loss of functionality caused by firewalls is obvious: there
are a whole class of things people should be able to do with their internet
connection that they can’t because of firewalls.

The way we typically deal with this issues is with value added software: eg
your eero router comes with an app that you can use to control this stuff.
PCP just makes the app easier to use: rather than having to know how to
open up a hole in your firewall for an app, the app just asks for what it
needs and you say yes or no.

On an iOS device we might handle this with an entitlement, and make the
author that you think is such an idiot actually justify why they want a
listener.

You seem to be  arguing that it’s better for there to be no way at all for
me to have a listener on my network than for the firewall provided by my
ISP that I can’t control to completely prevent me from having a listener.

Is that actually what you mean?

Op zo 28 jul 2024 om 03:03 schreef Gert Doering <gert@space.net>

> Hi,
>
> On Sat, Jul 27, 2024 at 04:56:44PM -0700, Ted Lemon wrote:
> > Gert, this is /precisely/ what PCP is for: to tell the firewall which
> ports
> > to allow through. My speaker doesn???t tell PCP to allow anyone on the
> > outside to play music to my speakers because that wouldn???t make sense.
> My
> > ssh server isn???t very useful if I can???t get to it from the outside.
> But
> > only that one ssh server???there are other ssh servers on my network that
> > would not make sense to expose.
> >
> > This is what PCP enables: fine-grained control over ingress.
>
> I totally understand the *idea* behind it.
>
> Implementors of, say, "speakers" might not get that their device is not
> supposed to be accessible by, say, their nice cloud service and still do
> add PCP to their speakers.  Because someone thinks it's a good idea.
>
> Which is exactly my point that you try to not see - PCP, as a protocol,
> used for exactly those services that are a) intended to be reachable, and
> b) securely so, is a nice tool.  PCP as a default action for "everything
> that opens a listening socket" contradicts having a firewall by default.
>
> I expect implementors to do "PCP as a default action for everything",
> because that's much easier than adding a config knob to let the informed
> user do the right thing.
>
> Also, of course, all software developers that add a listen socket will
> assume that their software is the most important you run, will need to
> be talked to, AND is totally secure.
>
> Real life vs. protocol design.
>
> Gert Doering
>         -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Ingo
> Lalla,
>                                            Karin Schuler, Sebastian Cler
> Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
>