[192278] in North American Network Operators' Group


Re: Death of the Internet, Film at 11

daemon@ATHENA.MIT.EDU (Ca By)
Mon Oct 24 10:10:47 2016

X-Original-To: nanog@nanog.org
In-Reply-To: <0354f8a1-081e-e662-d6f6-956eb3a07bd9@cisco.com>
From: Ca By <cb.list6@gmail.com>
Date: Mon, 24 Oct 2016 07:03:14 -0700
To: Eliot Lear <lear@cisco.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Mon, Oct 24, 2016 at 6:22 AM, Eliot Lear <lear@cisco.com> wrote:

> Hi,
>
>
> On 10/24/16 3:06 PM, Ca By wrote:
> >
> > Assuming MUD is successful in the IETF, the CPE lifecycle is 10 years
> > before the needle moves. At which point the target will have morphed
> > to something else. Also, nobody is going to pay for that feature. Just
> > like the early days of IPv6, the economics were misaligned.
>
> We know of those who are planning to build, so maybe not so much.  The
> function doesn't NEED to be in CPE, but it helps.  And again, the CPE
> market is changing right now, so be careful about your assumptions.
>
>
Please elaborate on concrete evidence to support your claim the CPE market
is changing.


> >
> > In 10 years, the CPE will also be running PCP, where the bot tells the
> > CPE to ignore all of MUD and open any arbitrary port it wants.
>
> One of the hidden villains in these attacks, by the way, is UPnP.  The
> point is not for the device to self-assert, but for the manufacturer to
> assert.  Apart from that PCP actually solves a slightly different
> problem.  MUD can tackle interior connectivity, which PCP doesn't really
> address.  And really that's what we need to address reflection attacks.
>
> Eliot
>
>
