[192277] in North American Network Operators' Group


Re: Death of the Internet, Film at 11

daemon@ATHENA.MIT.EDU (Eliot Lear)
Mon Oct 24 09:22:13 2016

X-Original-To: nanog@nanog.org
To: Ca By <cb.list6@gmail.com>
From: Eliot Lear <lear@cisco.com>
Date: Mon, 24 Oct 2016 15:22:03 +0200
In-Reply-To: <CAD6AjGTD5RKvCcNQ7DJp3zr0kfv1gvKSzKP7zsq29yTQ_1HL3Q@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


Hi,


On 10/24/16 3:06 PM, Ca By wrote:
>
> Assuming MUD is successful in the IETF, the CPE lifecycle is 10 years
> before the needle moves. At which point the target will have morphed
> to something else. Also, nobody is going to pay for that feature. Just
> like the early days of IPv6, the economics were misaligned.

We know of those who are planning to build, so maybe not so much.  The
function doesn't NEED to be in CPE, but it helps.  And again, the CPE
market is changing right now, so be careful about your assumptions.

>
> In 10 years, the CPE will also be running PCP, where the bot tells the
> CPE to ignore all of MUD and open any arbitrary port it wants.

One of the hidden villains in these attacks, by the way, is UPnP.  The
point is not for the device to self-assert, but for the manufacturer to
assert.  Apart from that, PCP actually solves a slightly different
problem.  MUD can tackle interior connectivity, which PCP doesn't really
address.  And really that's what we need to address reflection attacks.

Eliot


