On 22.10.2018 at 23:38, Michael Richardson <mcr@sandelman.ca> wrote:
The SHG crew are looking towards some kind of crowd-sourced service where people collaborate to improve MUD files. It would be as simple as a GitHub repo on which people can send pull requests, but the curation activity would require too much human resources in such a simple situation. In particular, we'd want a MUD-diff program that presented the changes in a much easier to understand format. With voting up/down... so think stackexchange.com/serverfault/uservoice/etc. instead.
Having curated MUD files would make a lot of sense, indeed.
Another concern is how far CPE/home gateway manufacturers would adopt related technical proposals. So far most firmwares are based upon chipset maker’s SDKs that serve the purpose of selling chipsets instead of providing reliable and secure solutions. The latest FCC and ETSI rulings (=> RED discussion) did also not make it easier to provide alternative firmware solutions (i.e. OpenWRT), let’s see how the RED ruling goes.
I'd say a lot depends upon whether or not ISPs will put out an RFP that asks for an IoT firewall based upon MUD in future products. Maybe someone here would like to test the waters with an RFI.
What I’ve seen with ISPs is that - unfortunately - they are mostly concerned about cost. We had several cases where ISPs chose inferior solutions which cost them more money in the long run. But somebody in the purchase department got a raise. As long as the ISPs do not understand the cost that can result from hacked IoT devices I doubt they will ask for something that doesn’t bring them additional revenue. Another issue is the ODMs. The software development here is rarely focused on longevity - it’s important to get the products out of the doors with minimum effort. So even if an ISP is requiring an IoT firewall they will build something that works somehow. Maybe providing an OpenWRT package as reference might help...