[iot-discussion] What role does the SP play in protecting consumers re IoT?
Hi everyone, Marco and I have been talking. There is a discussion forming about the role of the consumer and the role of the manufacturer around protecting against invasions of privacy, and other security faux pas. What about the role of the service provider? Can the service provider take a more direct part in assisting the consumer in protecting themselves, and if so, what help is needed from manufacturers, CPE vendors, and yes, companies like mine (Cisco)? What role does/should the government play? These are some pretty hefty questions. My question to you: is there interest in such a dialog? Eliot
Hi Eliot, This is very much in line with what I have in mind for the BoF session in Prague. Many people keep referring to “seat belts”. And while the analogy might not hold, this was also flagged during the IGF in Guadalajara in relation to the regulation of road access. While very open, in the end access to roads is regulated in the sense that in order to drive on them, people are required to have a driving licence, but also the vehicle they use needs to adhere to a number of safety and registration requirements. Moreover, in a lot of countries, the vehicle needs to have some “clean bill of health” in the form of MOT-equivalent regular mandatory checks. As I said, the analogy does not hold, but if it did, the access provider is the most likely party to control access, as they are the ones providing the driveway from your own yard to the public road system. So I think your question is a very valid one, with all the issues and attacks on the infrastructure on which we all, including those access providers, depend. How much interest, pending technically feasible options, is there amongst the operators to act as this “filter”, preventing unsafe devices from harming others or the “road” itself? Regards, Marco Hogewoning -- External Relations - RIPE NCC
_______________________________________________ iot-discussion mailing list iot-discussion@ripe.net https://lists.ripe.net/mailman/listinfo/iot-discussion
Gents, I read two different issues, where Eliot mentioned "invasions of privacy" where Marco points to the "solution du jour" of ex-ante regulation of access of devices. Both topics are, in the end, connected, but also have different sets of stakeholders involved. If the two of you could elaborate a bit further, please ... -Peter
Hi Peter, I didn't mean to be so focused on privacy. I think you would agree that there are a plethora of security problems with Things. Pick your favorite: toilet, refrigerator, baby monitor, light bulb, or other. The attacks are varied and can be indirect (use the device to attack others) or direct (exfiltrate private information, cause the device to cause harm to the owner, etc.). It's clear that manufacturers have a role to play in securing their devices. The network also has a role to play. And surely governments will establish their own roles (and have done in some cases). I clearly have my own views, but I am curious what you and others believe these various roles to be. Eliot
On 10 Apr 2017, at 12:48, Peter Koch <pk@DENIC.DE> wrote:
Both topics are, in the end, connected, but also have different sets of stakeholders involved. If the two of you could elaborate a bit further, please ...
Isn’t that the very sort of discussion which would take place during this IoT session?
That was what I had in mind :) But I also don’t mind having a preliminary discussion here. Maybe not everybody has yet decided to come to Budapest, and I certainly wouldn’t mind reading some initial views or ideas which can help me shape and moderate the session. But yes, please all do come along to Budapest and join the BoF to discuss this face to face. Marco
Hi Peter, I think I am in the “other security faux pas” area :) Knowing a device is already compromised, or a very likely candidate to be compromised, can have a number of implications, ranging from compromised privacy for the users of the device or the users/devices behind the device to potential serious damage to others, including elements of the Internet infrastructure. Whereas of course parts of Eliot’s points can expand into things like encryption of transport and data storage and the ability for devices to generate or collect data in the first place. What you end up with in the end is something that is deemed “unsafe” from a consumer’s point of view. With the likelihood of the provider being more knowledgeable about what is safe/unsafe than the average user, would you, whether ex-post or ex-ante, be able or willing to take measures to protect that customer from (self-inflicted) harm, and what could be the extent of these measures? As a more Internet-related example, many ISPs by default block outbound mail connections to other than their own outgoing mail servers. I also know a number who still have basic filters on SQL ports to curtail things like Slammer or direct connections to poorly maintained databases. Could or would you extend this to the broader landscape of IoT? Groet, MarcoH
I just thought that you can also take the inverse… For many, if not all, providers the current mitigation to abuse (and non-payment) is a full disconnect of the service. With more and more dependencies on connectivity for a range of (critical) functions in and around the house, is that model sustainable, or does it need a different, more selective, approach? Marco
Yes, and that works both ways too. Do I really want my house thermostat to stop working because my ISP doesn't like me running a tor node, and do I really want to lose my whole Internet connectivity because someone hacked my toaster? Julf
I’d be surprised if your ISP’s T&Cs don’t already have an over-arching clause which covers this sort of thing. “You agree we can cut you off whenever we feel like it for blah, blah, blah...” Unsecured IoT devices (whatever that may mean) will be just another thing an ISP would add to that list. Assuming it wasn’t already covered by a “causing damage to the network” clause or some such. Oh and if your hacked toaster was damaging my interwebs, I’d *want* your ISP to pull the plug.
Hi Jim, The question is whether there is something more that an ISP can do besides simply pulling the plug? Would a provider want to help the consumer protect him or herself, and would the consumer want that? Eliot
On 10 Apr 2017, at 13:31, Johan Helsingius <julf@julf.com> wrote:
Do I really want my house thermostat to stop working because my ISP doesn't like me running a tor node, and do I really want to lose my whole Internet connectivity because someone hacked my toaster?
I’d be surprised if your ISP’s T&Cs don’t already have an over-arching clause which covers this sort of thing. “You agree we can cut you off whenever we feel like it for blah, blah, blah...” Unsecured IoT devices (whatever that may mean) will be just another thing an ISP would add to that list. Assuming it wasn’t already covered by a “causing damage to the network” clause or some such.
(Devil’s advocate) Most of these T&C were drafted in an era when the Internet was mostly “entertainment”. Are these still proportional when I even can’t pay my taxes without access to the Internet?
Oh and if your hacked toaster was damaging my interwebs, I’d *want* your ISP to pull the plug.
Agree, but it would be nice if you can just disconnect my toaster and leave my bank account, air conditioning and wine fridge in a working state :) Marco (who doesn’t own a toaster)
On 10 Apr 2017, at 14:21, Marco Hogewoning <marcoh@ripe.net> wrote:
(Devil’s advocate)
Most of these T&C were drafted in an era when the Internet was mostly “entertainment”. Are these still proportional when I even can’t pay my taxes without access to the Internet?
Probably. For one thing, the toaster in your house wouldn’t be the only device/link that could be used to pay your taxes. Other household appliances are available. :-) And there should be plenty of coffee shops with wifi and the like who could shift those tax-paying bits for you too.
Oh and if your hacked toaster was damaging my interwebs, I’d *want* your ISP to pull the plug.
Agree, but it would be nice if you can just disconnect my toaster and leave my bank account, air conditioning and wine fridge in a working state :)
OTOH if all these things got switched off, I'd have your undivided attention and you’d have a very strong incentive to get that broken toaster fixed. :-)
Hello all of you, Interesting thoughts. It made me think.

But how do I buy a new toaster, or how do I get advice, without Internet? I am against the blocking of connections. Water or electricity are utilities that can't be blocked by the provider (and Internet connectivity looks to be going in that direction also) <says someone who does not have a smart/mobile phone>.

We had once the idea of an Internet driving licence (but that was in the past, when governments had the idea of being able to control access). I see the Internet as the road system. But the aspect of the MOT is something I had not realised earlier, so a new point for me. So perhaps we need stricter protocols/rules before putting something on the market that needs to be connected. So a better conformance test (even when the device gets a new software version!). A little like drug testing....

Of course we have misuse of the roads (like we see with these trucks driving into places that they should not!). So how do we guard ourselves against such things on the Internet? The electricity network has a customer-managed fuse (perhaps the water system also has something like that); do we need a proper NTE in the Internet? But the road system/provider is not really checking minute by minute if someone has an MOT! So should the Internet service provider do that?

Interesting discussion; before these e-mails I had not thought of this MOT idea, so that is new for my mind ;-) Thanks for this new thought, but in some way I don't like that the ISP has to do these real-time checks. I think an ISP has the obligation to educate its users (together with the state, the family, etc.). So not finished with my thinking!!! All the best, Victor
-- Victor Reijs Network Development Manager and International Relations HEAnet CLG, Ireland’s National Education and Research Network 1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland +353 (0)1 6609040 victor.reijs@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 (w)
Hi Victor, On 4/11/17 11:32 AM, Victor Reijs wrote:
But the road system/provider is not really checking minute by minute if someone has MOT! So should the Internet Service provider do that?
That would be taking the MOT analogy a bit far, but what if the operating certificate stated clearly the parameters by which the device is intended to function? That could very much be monitored packet by packet. Eliot
On Mon, Apr 10, 2017 at 03:21:21PM +0200, Marco Hogewoning wrote:
(Devil’s advocate)
well, important questions.
Most of these T&C were drafted in an era when the Internet was mostly “entertainment”. Are these still proportional when I even can’t pay my taxes without access to the Internet?
or operate your heating or lock your front door ...
Oh and if your hacked toaster was damaging my interwebs, I’d *want* your ISP to pull the plug.
Agree, but it would be nice if you can just disconnect my toaster and leave my bank account, air conditioning and wine fridge in a working state :)
Welcome to the "assisted" Internet experience! So, could we be a bit more critical about the quality and quantity of "insecure devices"? It isn't that large populations of not-so-well-reputed OSes being abused for "something" were a new phenomenon. Admittedly, numbers were smaller those days, but so was the infrastructure. Not neglecting the issue, but sceptical of knee-jerk policy making and too-loud calls for regulations that remind me of the constrained (from the customer's perspective) telco networks of 30+ years ago. Late victories ... -Peter
On 10 Apr 2017, at 14:44, Peter Koch <pk@DENIC.DE> wrote:
Most of these T&C were drafted in an era when the Internet was mostly “entertainment”. Are these still proportional when I even can’t pay my taxes without access to the Internet?
or operate your heating
Thanks to the EU’s enthusiasm for smart meters, this is going to happen with or without IoT pixie dust. The shiny new meters allow utility company computers to cut you off if they think you’ve not paid your bill on time. The power companies won’t need to send someone round to physically cut the supply. For bonus points, now imagine the possibilities when customers switch energy providers or tariffs. What could possibly go wrong?
At least in NL there is some soft regulation that energy companies agree not to cut off people when it is freezing outside. My best bet is that the lawyers don’t want to end up defending proportionality between a death and an unpaid bill in a courtroom. Of course as soon as the temperature is above 0C you are out of luck and in the dark. Also it only applies to new cases; if they already switched you off, they maintain that state, which sadly has led to incidents even this winter involving CO poisoning because of a makeshift indoor fire. On the topic at hand, with more and more people generating their own electricity and feeding surplus back onto the grid, you probably also want a reliable way to make sure you can cut off those installations and properly neutralise the grid before doing any work. As much as I do not like them to switch me off remotely, I also would like to make sure that when an installation is “safe” to work on, it remains that way. Marco (and we haven’t even talked about tornado sirens yet)
Hi, in my (humble) opinion we all have to cooperate to preserve the "end-to-end" principle of "the" Internet. Any middleware or filter *imposed* by SPs violates this principle. Indeed, a "rule" to fully disconnect a connection service because of compromised "things" would probably never be accepted by regulation. The Internet has evolved till now because intelligence has migrated to the edges, outside the core network. The devices have to be secure, and security has to be implemented on the end point (CPEs? user protection devices? virtual protection devices?). Yes, it can be a security service given by the customer's SP, but it *has* to be a security service which can be deactivated or activated on demand by the customer. The customer has to be able to buy a connection service *without* the protection service. Many SPs blocking, for example, port 25 generally do not allow any way to bypass this filter. This is not acceptable. An access service with blocked ports is *not* an Internet access service. Moreover, compromised devices may raise issues also at a local level... things have to be fixed, not filtered. End-to-end is the mantra. Giuliano -- -- Giuliano Peritore - g.peritore@panservice.it General Management - Panservice Professional services for Internet and Networking Phone: +39 0773 410020 - Fax +39 0773 470219 Toll-free number: 800 901492 - http://www.panservice.it
Hi Giuliano, I think there are two cases:
1. The consumer is creating a negative externality. Where does responsibility rest with remedying it (if anywhere)?
2. The consumer is motivated to protect him- or herself.
These are not mutually exclusive, and it is possible that (2) will trump (1) over time, where it hasn't in the past. A reasonable question for this group is how they view (1) and (2) in the context of provider policies and responsibilities. Based on that, what capabilities should CPE and PE devices have? And what further network management capabilities should they have? Going to your other point, preserving end-to-end doesn't mean that we can't throw breakers on unwanted communications where the network can easily detect them (say L3/L4 info), and where they are clearly understood to be unwanted. Is that of interest? Eliot
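Editorial note: the following is an added example, not code from this thread or from any of its participants. It sketches what two of the ideas above look like when written down: Marco's provider-wide filters (outbound port 25 except to the provider's own relay, and the classic SQL ports), and Eliot's "operating certificate" whose declared parameters are checked packet by packet with only L3/L4 information, so that a device stepping outside its declared behaviour can be isolated on its own while the rest of the household stays connected. The profile format, the MAC addresses, the three-violation threshold and all IP addresses (taken from the RFC 5737 documentation ranges) are constructed assumptions; no real device or vendor is described.

```python
"""
Added example, not code from the thread. A toy per-device enforcement point:
each device on a customer's LAN carries a declared profile of what it is
intended to do (a hypothetical format, here a list of allowed destination
network / port / protocol rules), flows are judged one by one on L3/L4 fields
only, provider-wide rules model the port-25 and SQL-port filters, and a device
that repeatedly leaves its profile is quarantined individually. All MACs,
addresses and profiles below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_mac: str      # identifies the device on the customer LAN (constructed)
    dst_ip: str
    dst_port: int
    proto: str        # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    dst_net: str                 # CIDR; "0.0.0.0/0" matches any destination
    dst_port: Optional[int]      # None matches any port
    proto: Optional[str]         # None matches any protocol

    def matches(self, flow: Flow) -> bool:
        if self.proto is not None and self.proto != flow.proto:
            return False
        if self.dst_port is not None and self.dst_port != flow.dst_port:
            return False
        return ip_address(flow.dst_ip) in ip_network(self.dst_net)


@dataclass(frozen=True)
class DeviceProfile:
    name: str
    allowed: List[Rule]   # anything not listed is outside the declared behaviour


# Provider-wide policy (assumed): SMTP only to the provider's own relay,
# and no direct connections to the MS-SQL ports from any customer device.
PROVIDER_ALLOW = [Rule("203.0.113.25/32", 25, "tcp")]          # the relay
PROVIDER_DENY = [
    Rule("0.0.0.0/0", 25, "tcp"),
    Rule("0.0.0.0/0", 1433, "tcp"),
    Rule("0.0.0.0/0", 1434, "udp"),
]


class EnforcementPoint:
    """Returns 'allow', 'drop' or 'quarantine' per flow; quarantine is per device."""

    def __init__(self, profiles: Dict[str, DeviceProfile], threshold: int = 3):
        self.profiles = profiles
        self.threshold = threshold          # violations before the device is isolated
        self.violations: Dict[str, int] = {}
        self.quarantined: set = set()

    def decide(self, flow: Flow) -> str:
        if flow.src_mac in self.quarantined:
            return "drop"                   # only this device is cut off
        if any(r.matches(flow) for r in PROVIDER_ALLOW):
            return "allow"
        if any(r.matches(flow) for r in PROVIDER_DENY):
            return "drop"                   # provider filter applies to every device
        profile = self.profiles.get(flow.src_mac)
        if profile is None:
            return "allow"                  # no declared profile: general-purpose host, unconstrained
        if any(r.matches(flow) for r in profile.allowed):
            return "allow"
        n = self.violations.get(flow.src_mac, 0) + 1
        self.violations[flow.src_mac] = n
        if n >= self.threshold:
            self.quarantined.add(flow.src_mac)
            return "quarantine"
        return "drop"

    def quarantined_names(self) -> List[str]:
        return sorted(self.profiles[m].name for m in self.quarantined)


# Constructed sample data: a thermostat that talks to its vendor cloud and NTP,
# a toaster that only talks to its vendor, and a laptop with no profile.
SAMPLE_PROFILES = {
    "aa:aa:aa:00:00:01": DeviceProfile("thermostat", [Rule("203.0.113.0/24", 443, "tcp"),
                                                      Rule("0.0.0.0/0", 123, "udp")]),
    "aa:aa:aa:00:00:02": DeviceProfile("toaster", [Rule("198.51.100.0/24", 443, "tcp")]),
}
SAMPLE_FLOWS = [
    Flow("aa:aa:aa:00:00:01", "203.0.113.10", 443, "tcp"),   # thermostat -> vendor: allow
    Flow("aa:aa:aa:00:00:02", "198.51.100.5", 443, "tcp"),   # toaster -> vendor: allow
    Flow("aa:aa:aa:00:00:02", "192.0.2.1", 23, "tcp"),        # toaster scanning telnet: drop
    Flow("aa:aa:aa:00:00:02", "192.0.2.2", 23, "tcp"),        # drop
    Flow("aa:aa:aa:00:00:02", "192.0.2.3", 23, "tcp"),        # third strike: quarantine
    Flow("aa:aa:aa:00:00:02", "198.51.100.5", 443, "tcp"),   # even its legit traffic now drops
    Flow("aa:aa:aa:00:00:01", "203.0.113.10", 443, "tcp"),   # thermostat unaffected: allow
    Flow("aa:aa:aa:00:00:03", "192.0.2.25", 25, "tcp"),       # laptop direct SMTP: drop
    Flow("aa:aa:aa:00:00:03", "203.0.113.25", 25, "tcp"),     # laptop via provider relay: allow
    Flow("aa:aa:aa:00:00:03", "192.0.2.80", 443, "tcp"),      # laptop, no profile: allow
]


def run_demo() -> Tuple[List[str], List[str]]:
    """Replays the sample flows; returns (decision per flow, quarantined device names)."""
    ep = EnforcementPoint(SAMPLE_PROFILES, threshold=3)
    decisions = [ep.decide(f) for f in SAMPLE_FLOWS]
    return decisions, ep.quarantined_names()


if __name__ == "__main__":
    decisions, isolated = run_demo()
    for flow, verdict in zip(SAMPLE_FLOWS, decisions):
        print(f"{flow.src_mac} -> {flow.dst_ip}:{flow.dst_port}/{flow.proto}: {verdict}")
    print("quarantined:", isolated)
```

Two design choices are deliberate. Devices without a declared profile are left unconstrained apart from the provider-wide filter, which is the only way to keep Giuliano's "connection without the protection service" available; and quarantine is keyed on the device, not the subscriber line, so the compromised toaster loses connectivity while the thermostat and the laptop keep theirs.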
Hi, I get your point. I was focusing only on customer issues and not on negative externalities... they were not part of my reasoning and they also have to be addressed. -- Giuliano Peritore - g.peritore@panservice.it
Hello Jim, I understand that they have the technology to cut, but in many countries the cutting of utility services is just not allowed (even if the bill is not paid)... We saw it here in Ireland, where the government wanted people to pay their water bill (less than 50% of the households did not pay the bill, and now they are going to abolish water bills [again]... Grrr: politics... [Sorry for my rambling!]) All the best, Victor
On 11 Apr 2017, at 10:36, Victor Reijs <victor.reijs@heanet.ie> wrote:
I understand that they gave the technology to cut, but in many countries the cutting of utility services is just not allowed (even if the bill is not paid)...
That’s not the issue. Smart meters make it possible for a utility company’s computers to switch off the power, irrespective of what the national law is. [Prevailing national law will be implementation detail in this context. Just provide the necessary configuration hooks in the IT systems.] Now maybe those computer systems will enforce safeguards to comply with prevailing national law or regulation. Maybe they won’t. However the underlying concern is (or should be) smart meters introduce a new set of vulnerabilities that previously didn’t exist. There’s now a remote controlled kill switch that’s managed by some utility company's IT systems. If those IT systems misbehave or get compromised -- something that never, ever happens to any IT system, right? -- people are going to be literally frozen out or kept in the dark. This is part of a bigger concern with IoT stuff more generally. What’s the fall-back for these devices and IT systems when they misbehave or when the interwebs break? Will Marco be able to have toast for breakfast when his Internet connection is down? That particular example doesn’t matter much -- sorry Marco -- but suppose the IoT failure affects a city’s street lighting or a hospital’s pharmacy.
Hello Jim, Jim Reid wrote:
On 11 Apr 2017, at 10:36, Victor Reijs <victor.reijs@heanet.ie> wrote:
I understand that they gave the technology to cut, but in many countries the cutting of utility services is just not allowed (even if the bill is not paid)...
That’s not the issue.
Smart meters make it possible for a utility company’s computers to switch off the power, irrespective of what the national law is. [Prevailing national law will be implementation detail in this context. Just provide the necessary configuration hooks in the IT systems.] Now maybe those computer systems will enforce safeguards to comply with prevailing national law or regulation. Maybe they won’t.
As we are talking in general about regulation, we are also talking about keeping up with regulation. So if there is a law, there is a law... If we don't respect that rule (in society), let's not make rules. If a company still does it wrong: there will also be the effect that people/the law will object a lot, so there is a kind of 'self' (law) regulation (but that is the whole mechanism of [societal] rules). I know that the impact of that slow societal process can be (or is already) too late for some cases. But if people indeed don't obey rules, everything is possible (and that is what we try to overcome ;-): even trucks running into pedestrian areas.
However the underlying concern is (or should be) smart meters introduce a new set of vulnerabilities that previously didn’t exist. There’s now a remote controlled kill switch that’s managed by some utility company's IT systems. If those IT systems misbehave or get compromised -- something that never, ever happens to any IT system, right? -- people are going to be literally frozen out or kept in the dark.
I see that as another aspect: any device will add new threats by definition, but I thought we were not talking about that. I thought we were talking about: if there is a threat, how do we park/isolate it. We have protocols, procedures, fuses (or in the case of individual power generation: other types of 'NTEs'). We might need proper Internet NTEs (edge devices: but who manages that... the ISP or the user...). Of course we also need to handle the aspects of vulnerabilities.
This is part of a bigger concern with IoT stuff more generally. What’s the fall-back for these devices and IT systems when they misbehave or when the interwebs break? Will Marco be able to have toast for breakfast when his Internet connection is down? That particular example doesn’t matter much -- sorry Marco -- but suppose the IoT failure affects a city’s street lighting or a hospital’s pharmacy.
Agree. And that is beside the ethical, non-existence of anonymity in the data world, etc. But that is not only related to IoT of course: that is due to the deep analytics/search machines available (with [cloud] processing capacity). So there are many layers/areas in IoT: some are very known/old issues (hopefully we can use existing solutions that can scale up); some are due to bad design (non/difficult/unmanageable upgradability); some are due to bad security design/procedures (bad userid/password management), etc. And of course there is the sheer amount of future/present IoT devices expected. I hope we can use some kind of layered/segmented approach... All the best, Victor
On 11 Apr 2017, at 16:11, Victor Reijs <victor.reijs@heanet.ie> wrote:
But if people indeed don't obey rules, everything is possible
You clearly have not understood what I said. So, one more time... "the underlying concern is (or should be) smart meters introduce a new set of vulnerabilities that previously didn’t exist” Whether “the law” allows or prevents these vulnerabilities is simply irrelevant. The vulnerabilities exist. What’s going to be done about that? Society has laws which criminalise murder, theft and all sorts of things. That doesn’t stop them happening.
For anyone not already there. . . The Twitter thing on the Internet of Shit? And the cover of the Economist last week: Why computers will never be safe. And I remember being on the RISKS Forum mailing list moderated by Peter G. Neumann a long time ago. Anybody here still following it? And I remember being in an operating theatre with the gamma counters when the guy upstairs with the computer got bored and played with buttons he should not have been playing with and "could not see the data anymore”. We replaced him with a button that I could control. And I was on that flight to the IETF in Seoul when our seats “crashed”. Way up in the sky above Siberia and the “blue screen of thingie” on the seat back in front of me. And my new car wants to be on the Internet! And so on and so on. I suppose though I feel part of the old school to whom stuff, things, whatever, were always connected to computers and computers were connected to networks. No, I was never in a place that had the coffee machine hooked up. But what is new? Time to quote Philip Larkin? "Sexual intercourse began In nineteen sixty-three (which was rather late for me) - Between the end of the "Chatterley" ban And the Beatles' first LP." I now think though that what is “new” is that it is no longer just ”us” but it is more and more “them”. And that is probably the most important distinction. I think I first came across the notion of an “Internet driving licence” in an exchange I had way back with Robert Cailliau. I did not see how it could work then and I still don’t. On the other hand I remember the Scottish Law Commission looking at computer crime. https://www.scotlawcom.gov.uk/files/1013/1419/8499/cm68.pdf The lesson I took I think still holds valid. The law is an ecosystem and you are so much better first seeing what you can do with current law before looking to see if current law needs to be modified, even just in interpretation, before trying to justify brand new laws. 
So consumer protection - truth in advertising? - and product liability and privacy / data protection and so on. This community could help out in that direction by being clearer on roles - and so possible responsibilities? But I have been struck by a couple of things mentioned where I feel we have to be much clearer towards the outside world, particularly policy people and legislators. I feel more and more uncomfortable with the term "end-to-end principle". Don't get me wrong. I am very much in favour of the dumb middle, the simplifying, the non-interfering, non-discriminatory middle. And the more we all encrypt the more that may be how it will be. But the end-to-end idea seems to take us back to a connection - a circuit? - between two end points. Maybe two end networks makes a little bit more sense? And yet we here know that is not the case. A few years back Patrik Fältström and I wrote a little paper on what happened when I, sitting at home in Brussels, accessed his web-site in Sweden. With a little bit of thought you can imagine what we saw. The number of networks involved. The number of name servers involved. The number of content servers involved. Patrik was a bit surprised to see - to be reminded? - that one machine was acting as both a name server and a content server? I am not sure if Patrik is on this list but I have copied him in. So if anyone wants the paper he can give a pointer on his site. So a "thing" on a network may be having quite a rich conversation with very many servers out there. It is not simple end-to-end, device to server. And then your access provider - many provide services, only some provide access! - may not be as obvious as you think. You will have more than one. I am not sure how many. I remember watching a video of a presentation by Mark Townsley at UKNOF27 (available on YouTube of course). I invite you to go and have a look at it. But for me there were two key points.
Your home network will have multiple external connections, multiple external IP connections if not full Internet connections. And as Mark points out, home networks will have to deal with that. And at the same time we all already have things - smart phones! - that move back and forwards between different styles of connectivity. My phone does WiFi in my living room and "only" 4G down the corridor in my bedroom. So some apps only work when I am on WiFi and not when I am on 4G. And they have just installed remote water meters which I hope will stay where they are. I will pause here. :-) Gordon @ TDRS
On 11 Apr 2017, at 22:37, Gordon Lennox wrote:
A few years back Patrik Fältström and I wrote a little paper on what happened when I, sitting at home in Brussels, accessed his web-site in Sweden. With a little bit of thought you can imagine what we saw. The number of networks involved. The number of name servers involved. The number of content servers involved. Patrik was a bit surprised to see - to be reminded? - that one machine was acting as both a name server and a content server? I am not sure if Patrik is on this list but I have copied him in. So if anyone wants the paper he can give a pointer on his site.
Yes, I am on this list, and the link to the paper is: <https://stupid.domain.name/node/1720> I think too many people do look at using regulation and whatnot to get this right. That might help, but look at the issues with the CE mark for electric gear. That is hard enough, and is something people KNOW they should look for, and is a REQUIREMENT all over the place. And we still have fake stuff. I think we need in the case of IoT much more clearly:
A. Tools and software packages that are correct, that do the right thing, so that whoever wants to do an internet-connected toothbrush can do so by downloading the right software. There are very, very few packages that everyone uses (OpenWRT, DNSMasq, Curl etc) and I am still waiting for the EU Commission and similar organisations to put in serious money to have those packages, open source, do the right thing.
B. An agreement from manufacturers that their gear is to do the right thing. Like a gentleman's agreement. Will not help at all, but still a good thing. Enable and make it easy for companies to be signatories of things like MANRS. ISOC?
C. Make it much more clear in the various pan-European legislations that an ISP does have the ability to cut off customers from which bad packets come. Today ISPs should forward packets but also protect the network (handwaving, handwaving). I do not see ISPs being afraid of cutting customers off, and the main reason for not doing it has to do with increased support cost (why would an ISP invest money in helping a customer they already do not make money on to configure their toothbrush correctly?).
D. Public sector must buy only correct internet-connected toothbrushes. To see the public sector buy a single thing that does not do IPv6, that does not do DHCP correctly or whatnot should be punished in some way. Here is where the whip should be applied. Big time! And of course to whoever delivers an internet-connected x-ray with open port 22. Full refund, replace the gear, and up to 4% of the turnaround in economical fees if not remediated quickly (i.e. in months).
But, as I see little to no interest in "correct Internet access" from for example the Commission, I do not understand how this (A+D) will be implemented. Patrik
On 4/12/17 6:00 AM, Patrik Fältström wrote:
I think too many people do look at using regulation and whatnot to get this right. That might help, but look at the issues with the CE mark for electric gear. That is hard enough, and is something people KNOW they should look for, and is a REQUIREMENT all over the place. And we still have fake stuff.
The first thing people counterfeit is the CE mark...
I think we need in the case of IoT much more clearly:
A. Tools and software packages that are correct, that do the right thing, so that whoever wants to do an internet-connected toothbrush can do so by downloading the right software. There are very, very few packages that everyone uses (OpenWRT, DNSMasq, Curl etc) and I am still waiting for the EU Commission and similar organisations to put in serious money to have those packages, open source, do the right thing.
B. An agreement from manufacturers that their gear is to do the right thing. Like a gentleman's agreement. Will not help at all, but still a good thing. Enable and make it easy for companies to be signatories of things like MANRS. ISOC?
I think we could do this. I think it would be a good idea. But it cannot be onerous to manufacturers, onerous being, of course, in the eye of the beholder. To me that means, by the way, using only the code you need, maintaining it through updates, advertising the support lifetime of the device, providing for secure onboarding, and explaining how the device is supposed to behave on the network.
C. Make it much more clear in the various pan-European legislations that an ISP does have the ability to cut off customers from which bad packets come. Today ISPs should forward packets but also protect the network (handwaving, handwaving). I do not see ISPs being afraid of cutting customers off, and the main reason for not doing it has to do with increased support cost (why would an ISP invest money in helping a customer they already do not make money on to configure their toothbrush correctly?).
That's why I asked my first question as I did: what can ISPs do to facilitate the RIGHT thing happening? Cutting people off is the most extreme form of answer. Surely there is more that can be done before that point. Eliot
On 12 Apr 2017, at 12:55, Eliot Lear wrote:
B. An agreement from manufacturers that their gear is to do the right thing. Like a gentleman's agreement. Will not help at all, but still a good thing. Enable and make it easy for companies to be signatories of things like MANRS. ISOC?
I think we could do this. I think it would be a good idea. But it cannot be onerous to manufacturers, onerous being, of course, in the eye of the beholder. To me that means, by the way, using only the code you need, maintaining it through updates, advertising the support lifetime of the device, providing for secure onboarding, and explaining how the device is supposed to behave on the network.
It must be a simple, easy self-certification. But it must, because of this, be based on simple rules. "I hereby promise that my gear follows these rules". What are the rules?
1. No default passwords (admin/admin)
2. No open ports by default (on the upstream interface)
3. If forwarding packets, BCP38
4. Automatic software updates
5. ...
C. Make it much more clear in the various pan-European legislations that an ISP does have the ability to cut off customers from which bad packets come. Today ISPs should forward packets but also protect the network (handwaving, handwaving). I do not see ISPs being afraid of cutting customers off, and the main reason for not doing it has to do with increased support cost (why would an ISP invest money in helping a customer they already do not make money on to configure their toothbrush correctly?).
That's why I asked my first question as I did: what can ISPs do to facilitate the RIGHT thing happening? Cutting people off is the most extreme form of answer. Surely there is more that can be done before that point.
Well, they can do BCP38 and other things in MANRS. They can do DNSSEC validation in whatever recursive resolver service they include in the internet access service. They can also ship gear (if something is included) that supports the simple rules above. But not much more. I would be very nervous if the ISP becomes responsible for the content of customers' IP packets. Most attacks I see today also do not come from ISPs (i.e. traditional eyeball providers) but from PHP-based web sites with unpatched WordPress and whatnot. Which leads back to the need for more stable and secure software packages that people can use. Patrik
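As an added, constructed illustration of the self-certification rules 1 to 4 listed above and of the BCP38 egress filtering mentioned here (example code written for this page, not code from anyone in the thread): a checker that evaluates a device's declared configuration against the four concrete rules, and exercises the declared egress filter with both legitimate and spoofed source addresses. The delegated prefixes, the probe addresses and the weak-password cases beyond admin/admin are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: the prefixes the ISP delegated to this customer's
# router (made-up documentation addresses, not values from the thread).
ASSIGNED_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/29"),
    ipaddress.ip_network("2001:db8:1234::/48"),
]

# Source addresses that are NOT ours: what a misbehaving device behind the
# router would put in packets it spoofs. Constructed for the check below.
SPOOFED_SOURCES = ["198.51.100.77", "192.0.2.1", "2001:db8:abcd::1"]


def bcp38_allowed(src, prefixes):
    """BCP 38 at the customer edge: a packet may leave the upstream
    interface only if its source address lies in a prefix the ISP
    actually assigned to this customer."""
    addr = ipaddress.ip_address(src)
    # An IPv4 address is never 'in' an IPv6 network and vice versa.
    return any(addr in p for p in prefixes)


def filter_egress(packets, prefixes):
    """Split outbound packets into (forwarded, dropped) per BCP 38."""
    forwarded, dropped = [], []
    for pkt in packets:
        bucket = forwarded if bcp38_allowed(pkt["src"], prefixes) else dropped
        bucket.append(pkt)
    return forwarded, dropped


@dataclass
class DeviceDeclaration:
    """What a manufacturer would declare for the self-certification."""
    credentials: dict           # factory username -> factory password
    upstream_listen_ports: set  # ports listening on the WAN interface
    forwards_packets: bool      # router/gateway, or a leaf device?
    egress_prefixes: list       # prefixes its egress filter is built from
    auto_update: bool


def has_default_password(credentials):
    """Rule 1: admin/admin (as in the thread), an empty password, or the
    username reused as password count as a default. Extra cases are an
    assumption of this example."""
    return any(p in ("", "admin", "password") or p == u
               for u, p in credentials.items())


def egress_filter_works(dev, assigned):
    """Rule 3: probe the declared filter with legitimate sources drawn from
    the assigned prefixes and with spoofed ones. A filter that lets spoofed
    traffic out, or that drops legitimate traffic, fails."""
    probe = [{"src": str(p[2]), "spoofed": False} for p in assigned]
    probe += [{"src": s, "spoofed": True} for s in SPOOFED_SOURCES]
    fwd, drp = filter_egress(probe, dev.egress_prefixes)
    return (all(not p["spoofed"] for p in fwd)
            and all(p["spoofed"] for p in drp))


def check_rules(dev, assigned=ASSIGNED_PREFIXES):
    """Evaluate the four concrete rules; returns rule -> pass/fail."""
    return {
        "1_no_default_passwords": not has_default_password(dev.credentials),
        "2_no_open_upstream_ports": len(dev.upstream_listen_ports) == 0,
        # Rule 3 only applies to gear that forwards packets.
        "3_bcp38": (not dev.forwards_packets)
                   or egress_filter_works(dev, assigned),
        "4_automatic_updates": dev.auto_update,
    }


def self_certify(dev, assigned=ASSIGNED_PREFIXES):
    """True only if every rule passes."""
    return all(check_rules(dev, assigned).values())


# Two constructed declarations: one that earns the sticker, one that does not.
GOOD_DEVICE = DeviceDeclaration(
    credentials={"admin": "unique-per-unit-passphrase"},
    upstream_listen_ports=set(),
    forwards_packets=True,
    egress_prefixes=ASSIGNED_PREFIXES,
    auto_update=True,
)
BAD_DEVICE = DeviceDeclaration(
    credentials={"admin": "admin"},
    upstream_listen_ports={22, 80},
    forwards_packets=True,
    # "allow everything" is the same as having no egress filter at all
    egress_prefixes=[ipaddress.ip_network("0.0.0.0/0"),
                     ipaddress.ip_network("::/0")],
    auto_update=False,
)

if __name__ == "__main__":
    for name, dev in (("good", GOOD_DEVICE), ("bad", BAD_DEVICE)):
        print(name, check_rules(dev), "certified:", self_certify(dev))
```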
On 12-04-17 13:29, Patrik Fältström wrote:
I would be very nervous if the ISP becomes responsible for the content of customers' IP packets.
Indeed - a situation the intellectual property lobby and many governments would really love. Julf
On Apr 12, 2017, at 13:55, Eliot Lear <lear@lear.ch> wrote:
C. Make it much more clear in the various pan-European legislations that an ISP does have the ability to cut off customers from which bad packets come. Today ISPs should forward packets but also protect the network (handwaving, handwaving). I do not see ISPs being afraid of cutting customers off, and the main reason for not doing it has to do with increased support cost (why would an ISP invest money in helping a customer they already do not make money on to configure their toothbrush correctly?).
That's why I asked my first question as I did: what can ISPs do to facilitate the RIGHT thing happening? Cutting people off is the most extreme form of answer. Surely there is more that can be done before that point.
From my point of view an ISP has the right to disconnect a client that causes harm through some device. But a big enough ISP can make a rating list of devices on their site. It is almost impossible that top devices from the rating can cause problems in the net. The further from the top a device (manufacturer, class of devices from a manufacturer) is, the greater the possibility of problems caused by the device. Some big ISP can start to keep such a list. Others can join later. Every line in the list can contain a link to a list of possible problems from this device. If the list becomes popular then manufacturers will try to keep a higher place in the list. They can do it by creating better software for devices. It is not a list of better devices but a list of safer devices, and this list can affect device sales, and this can bring us to safer devices.
Eliot
_______________________________________________ iot-discussion mailing list iot-discussion@ripe.net https://lists.ripe.net/mailman/listinfo/iot-discussion
-- Best regards Taras Heychenko tasic@hostmaster.ua
Patrik Fältström wrote:
Yes, I am on this list, and the link to the paper is:
Thanks for this document. It shows that end-to-end (end-to-multi-end) is the basis of the Internet.
I think we need in the case of IoT much more clearly:
I like these four areas of thinking!
A. Tools and software packages that are correct, that do the right thing, so that whoever wants to do an internet-connected toothbrush can do so by downloading the right software. There are very, very few packages that everyone uses (OpenWRT, DNSMasq, Curl etc) and I am still waiting for the EU Commission and similar organisations to put in serious money to have those packages, open source, do the right thing.
B. An agreement from manufacturers that their gear is to do the right thing. Like a gentleman's agreement. Will not help at all, but still a good thing. Enable and make it easy for companies to be signatories of things like MANRS. ISOC?
C. Make it much more clear in the various pan-European legislations that an ISP does have the ability to cut off customers from which bad packets come. Today ISPs should forward packets but also protect the network (handwaving, handwaving). I do not see ISPs being afraid of cutting customers off, and the main reason for not doing it has to do with increased support cost (why would an ISP invest money in helping a customer they already do not make money on to configure their toothbrush correctly?).
D. Public sector must buy only correct internet-connected toothbrushes. To see the public sector buy a single thing that does not do IPv6, that does not do DHCP correctly or whatnot should be punished in some way. Here is where the whip should be applied. Big time! And of course to whoever delivers an internet-connected x-ray with open port 22. Full refund, replace the gear, and up to 4% of the turnaround in economical fees if not remediated quickly (i.e. in months).
But, as I see little to no interest in "correct Internet access" from for example the Commission, I do not understand how this (A+D) will be implemented.
So we must help all involved entities in the above areas to achieve this common goal: assuming that we value the opportunities of the present Internet. The above aspects are quite technical (and I see security even as quite technical). We also have the ethical, the non-existence of anonymity in the data world, etc. That is more a philosophical issue that we need to try to solve: as deep analytics/search machines are emerging everywhere (with [cloud] processing capacity). 'Luckily' this is a general issue, so not only in IOT. All the best, Victor
-- Victor Reijs, Network Development Manager and International Relations, HEAnet CLG, Ireland's National Education and Research Network, 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland, +353 (0)1 6609040, victor.reijs@heanet.ie, www.heanet.ie. Registered in Ireland, No. 275301. CRA No. 20036270 (w)
Item: https://www.theregister.co.uk/2017/04/13/aga_oven_iot_insecurity/ Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned. Going back to Eliot's original questions: ** What about the role of the service provider? Can the service provider take a more direct part in assisting the consumer in protecting themselves, and if so, what help is needed from manufacturers, CPE vendors, and yes, companies like mine (Cisco)? Upfront I ought to say that I am still not clear if everybody agrees on what a "thing" is in this context. And what is not a "thing"? I am not even clear that everybody is referring to the same internet when they are talking about the IoT. And what is the "problem" we are trying to solve? Is it that "things" are participating in DDoS attacks elsewhere? Is it that a DoS attack on a domestic network would now have significant bad effects given the increasing reliance we have on our "things"? Is it that our "things" are being used to breach privacy? Are there safety issues? I am though making the presumption that Eliot is talking about access providers and not about those who manufacture or sell "things" or provide services related to specific things. The basic problems seem clear. We don't produce quality software, quality systems, not even when it concerns safety and security. And the Economist seemed to suggest recently we never will. We don't even do life-cycle management that well, if at all. There seem to be two modes of operation: "ship and patch" or "ship and forget". And given the increasing inter-relationships within and between systems it is not clear which is preferable in general. I must be far from the only person who put off and put off and put off upgrading - migrating? - to the latest version of macOS, despite being nagged and nagged by Apple, because GPG was not compatible with it.
We do know however that "things" have been connected to the Internet since like forever - which is why some very experienced people in our community prefer talking about the "so-called IoT"? We also know however that the number of network-connected devices is increasing. And that the number of services / apps involved with any particular device is often increasing. And the interactions between different devices/services/apps are increasing. And the number of organisations and individuals "inventing" new stuff is increasing. And of course the number of users is certainly increasing. But do the issues vary between a health/fitness app on my phone and me wearing a device providing similar functions that connects to my phone? My phone listens to me and tracks me. And my TV both listens to me and watches me. Of course my content and information suppliers - what were newspapers, books, TV and cinema - know what I look at and when, no matter what device I use. And my next watch may log where I go on public transport while hopefully also telling me the local time. And the building security system watches me come and go. And my camera already talks WiFi. And somehow my headphones just needed a software update. And my next car may have multiple SIM cards which will track me in detail and yet also have safety implications. Happily my fridge still tends mostly towards cold beer. What I see around me is that people are having significant problems keeping track of their multiple devices, including their multiple logins and services which work on one network and not another, and how various devices and services interact. But the idea of using Facebook to provide the unique authenticated ID seems scary. And then we share or sell or pass on devices to others. Anyway I am very wary of giving more control to access providers, of allowing them to take more control, for a number of reasons. Both individuals and increasingly households have multiple access providers.
People with their crossover phones - are they still phones? - are continually moving between networks - WiFi, 3G, 4G - at home, at work, while commuting, travelling, roaming and so on. Sometimes they are on more than one network at the same time. For the domestic environment see the HomeNet presentation by Mark Townsley previously mentioned. And of course the workspace is similar. Except I would presume there that many organisations have long accepted that, given the nomadic nature of user devices, relying only on a corporate firewall is a touch naive. However even just the traffic associated with one device going through one access provider to, as the user sees it, one service is more complex than many people realise. See the little paper that Patrik and I produced, and we did not delve too deep. So we have increasing local complexity and external complexity. But if we ignore that for the moment we will obviously see the usual candidate solutions. At the device level we have been through a lot of the arguments. See Hush-a-Phone, the Carterfone and more for old US history. And in the EU we had the Terminal Equipment Directive. Until the incumbents started to impose their "Boxes"? And now more recently the discussions on Network Neutrality. The idea that you have to ask permission from your access provider to use a networked device seems very old school. In addition it now takes me a bit of effort - not yet too much? - to identify all the networked devices in my home. And then of course we have the Raspberry Pi community! We still believe in "permission-free innovation", don't we? So I don't see how we could expect users to notify their multiple access providers of their devices. But I also don't expect access providers to be allowed to keep track of those devices. Even if that, without SIMs, was to some extent possible it would now be seen as just too damn intrusive.
We seem not entirely happy accepting this kind of thing for terrorism: I don’t see us doing it for rogue refrigerators. Indeed the IETF has identified significant surveillance as an attack. I find it difficult to see how we can now try and reclassify that kind of “attack” just because we cannot code air-conditioning systems properly. Going up a level we have the notion of blocking certain IP addresses or port numbers or domain names. Again we have been there before. It has worked when, for well-known reasons, there has been enough of a consensus and acceptable alternatives. I am thinking of course of port 25. But when it has been a question of trying to restrict access to certain content - whether copyrighted material or content related to child abuse - blocking, filtering or redirecting has not been the panacea that some legislators expected. If the issue is that a domestic network is “participating” in some kind of more widespread network-related problem then blocking all traffic from that network - all traffic to that network? - may have been a solution. But given that some form of connectivity is now seen as so important - essential for normal participation in society, if not a human right - then that may tend to be seen as too extreme. Rate limiting or throttling plus a clear indication being sent for the motive may still be seen as acceptable. If the access provider can, with the minimum of intrusion, identify when traffic is abnormal? But given that applications and services will more and more have health and safety implications then serious care is needed. If we are though in the area of blocking, redirecting or rate capping then there still has to be a reasonable way for an access provider to communicate with the user. We seem to be in a process whereby we have to give more and more information to do stuff. To read a newspaper we need to give an email address. To manage an email account we need to give a phone number. 
Increasing the number of players who need more and more information may not be the way to go. And yet how can we be sure the message gets through? When my access provider had a problem a while back I lost not only internet connectivity through them but also my TV connection and my fixed telephone service. Of course I had alternative ways of finding out what was happening and reporting the problem. I am not sure all my neighbours were the same. I hope that many of them do not spend as much time as I do with a screen and a keyboard. Going up another layer we might envisage blocking certain applications or services, for security reasons or safety reasons. But I think we know where that tends to lead. All in all, given the richness and complexity of connected activities, surveillance and interference of domestic traffic by access providers is not going to be well regarded in general - and it may simply be illegal. Nor is it liable to be that effective? Even if it was ever going to be feasible? The more we take surveillance as a "bad thing" the more we will encrypt, with the resulting loss of transparency in the core. Maybe the IP layer is just not where we should be looking for the solution to specific problems. ** What role does/should the government play? Governments, here, there, everywhere, will do whatever. And is this really one of the better moments to talk about governments given that we will now have a series of elections in major EU countries? I accept there are contradictions in what governments do. See "The Organization of Hypocrisy" by Nils Brunsson or "Why Leaders Lie" by John Mearsheimer or so many more. I accept that it can get complicated. Anyone for some new free trade negotiations? But governments are still just about people, people who are not always that much brighter than you, people who in any case tend to lack magical powers. They can help.
But they cannot easily help with a problem that we as stakeholders - horrible term - have not begun to properly define. I sometimes think about it as going to see your general practitioner. Go with an ill-defined "feeling" and you may be in for some "tests" - too many tests? Go with some signs and symptoms and be ready for a conversation and you might come out cured. I was invited though to talk at EuroIX some years back about the "government" in Brussels. I said there were three things that they did.
*** Policy. Talk about stuff. See if there is a consensus. Try and develop a consensus. Push certain ideas. Fund groups. Organise meetings. Not to be underestimated. But it takes time, effort, resources to get really involved. There are very many specialists, lobbyists, in Brussels. And in the end of course you can disagree with government policy.
*** Make rules. Regulate and legislate. It takes time - and what goes into the sausage-making machine often does not resemble what comes out: you may not like that sausage, a sausage you are now expected to eat. And once rules are agreed it can take a long time to change them. The resources to fully enforce the "rules" though may simply not always be there. But ignoring the rules tends not to be an option for most folk.
*** And funding... There is a continuum between policy and rules and funding. Policy helps define the rules to be agreed and policy helps decide how strongly rules will be enforced or not. But funding, in one form or another, tends to be what makes it happen.
So what should we expect from governments? I would rather ask what we could or should ask from governments, how can we and should we engage. I think we could engage in any policy discussions. Primarily to bring in some reality? Stop them killing the internet? I would so much hope we can avoid things like the Y2K disaster games. I still have the scars. There is a downside of course in that by just being there you may bring credibility to the issue.
NCC and ISOC were there and so obviously they agree with the importance of the issues and endorse the outcome? We should also be wary of the "problem" being punted off to some organisation. The choice of organisation - ITU, ETSI, ENISA, ICANN and not the IETF or the RIRs - sort of defines the answers we might expect in so many ways. When it comes to wanting rules. Be careful. Be very careful. Not least because if we get it wrong it will stay wrong for a while!
- - -
And responding to Patrik's bullets - because I have to! ;-)
A. Sort the quality problem. Yes please. But how come big resource-rich companies - make your own list - are patching and patching and then patching again. Until end-of-life? I am not clear what we ought to be able to expect from the rest.
B. Stickers, seals, logos, MoUs have been popular for a long time. One more? Some more?
C. I don't think the Parliament is going to be that happy recommending that an access provider can cut off a domestic customer suddenly and completely. An awful lot of safeguards would be required. And even then.
D. Public procurement? It would be nice if that was done better from an internet engineering perspective. But public procurement is political. The big battles have tended to be around local preference rather than IPv6. Looking back though we have tried to make the technical rules clearer, both in terms of interconnection and security. GOSIP? Common Criteria? And much more. And we have had national successes which were both good and bad - good for a time and then bad? But if you want to enforce rules then you need a body to make those rules. Sorry Patrik but just asking you is not an option. ;-) So who? ETSI? CENELEC? And I feel not the IETF. RFCs provide "advice to consenting engineers": they are not always ideal procurement specs.
- - -
The IoT, for any soft definition of IoT, is going to be pervasive and ubiquitous. The devil is though going to be in the detail. Potentially in every line of code?
I don’t think there will be a single solution, a single set of rules. I am not even sure if yet another set of principles - maybe however some OECD guidelines? - would be useful at this stage. But maybe. And if not that then one problem at a time? I am still not clear where the human rights activities in the IRTF may go. I say that while thinking human rights are important - apparently some people, some states do not? I say that though having watched how the IETF security directorate worked over the years. And protocol security clearly involves more engineering considerations? But the evolving IoT will involve human rights considerations. Privacy, the new surveillance, safety and so on. But if I had a wish from industry it would be for some clarity on what the IoT toys we buy are doing. I don’t buy some stuff because I don’t know enough about what is happening. I have stopped using stuff because I felt that the device was being too intrusive. When asked for advice I have found myself doing some kind of reverse engineering to try and figure out what might be going on. (They sprinkled Golden Crypto Dust on it. So everything is OK? Well maybe not…!) And of course I don’t always have an indication that something has gone wrong. And alongside that maybe some tools that I could use on my network that would help me understand what my network is doing? But that is probably too much to ask right now. Pause… See you at 74. :-) Gordon @ TDRS
On 19 Apr 2017, at 11:02, Gordon Lennox wrote:
Anyway I am very wary of giving more control to access providers, of allowing them to take more control, for a number of reasons.
For me one reason is enough: The basic rule for anyone carrying communication is to carry that communication to the intended destination. As soon as we want exceptions to that rule and responsibility it really really really must be viewed as such. And implemented as such. Who makes the decision on when where and why to act, how to ensure the pointy tool used is pointy enough, secondary effect, false positives and such. Once again: the main task for a carrier of communication is to do their job to carry the communication. Can we agree on that?
Maybe the IP layer is just not where we should be looking for the solution to specific problems.
Maybe, maybe not?
And responding to Patrik’s bullets - because I have to! ;-)
:-D
A. Sort the quality problem. Yes please. But how come big resource-rich companies - make your own list - are patching and patching and then patching again. Until end-of-life? I am not clear what we ought to be able to expect from the rest.
Bingo!
B. Stickers, seals, logos, MoUs have been popular for a long time. One more? Some more?
I do not know, that’s why I asked! :-D
C. I don’t think the Parliament is going to be that happy recommending that an access provider can cut off a domestic customer suddenly and completely. An awful lot of safeguards would be required. And even then.
Yes, agree. See above on the role of the communication provider.
D. Public procurement? It would be nice if that was done better from an internet engineering perspective. But public procurement is political. The big battles have tended to be around local preference rather than IPv6. Looking back though we have tried to make the technical rules clearer, both in terms of interconnection and security. GOSIP? Common Criteria? And much more. And we have had national successes which were both good and bad - good for a time and then bad? But if you want to enforce rules then you need a body to make those rules. Sorry Patrik but just asking you is not an option. ;-) So who? ETSI? CENELEC? And I feel not the IETF. RFCs provide “advice to consenting engineers”: they are not always ideal procurement specs.
Well, I would not mind having some wrong requirements sometimes. That is why I would rather see requirements in procurements than in legislation... And we should not mix up historical bad regulation with procurement requirements.
See you at 74.
Not me :-( paf
So keeping the frame in mind: potential problems relate to “things” attached to your home network and what your access provider can and should do about those problems.
On 19 Apr 2017, at 23:37, Patrik Fältström <paf@frobbit.se> wrote:
On 19 Apr 2017, at 11:02, Gordon Lennox wrote:
Anyway I am very wary of giving more control to access providers, of allowing them to take more control, for a number of reasons.
For me one reason is enough:
The basic rule for anyone carrying communication is to carry that communication to the intended destination. As soon as we want exceptions to that rule and responsibility it really really really must be viewed as such. And implemented as such.
Who makes the decision on when where and why to act, how to ensure the pointy tool used is pointy enough, secondary effect, false positives and such.
Once again: the main task for a carrier of communication is to do their job to carry the communication.
Can we agree on that?
But your access provider does not and cannot provide end-to-end communication. That is not what it says in your contract with them. As a way of moving conversations forward I used to ask people what their ISP did for them. The set of elements I had in mind then has changed. Which is why, in addition to various discussions on "network neutrality”, I now tend to talk about access providers. My access provider forwards packets “best effort”. They do not do email for example. Nor chat. Nor… But even with email we both know somebody who has configured their mail server to refuse connections from the email provider I use. (They also try to run my home network which is irritating.) So an access provider’s prime role is to do what is written on the tin: forward packets without discrimination or interference or monitoring? Except various groups want some of those “features” implemented. It is a real pity that RFC 3514 did not get more uptake. ;-)
Maybe the IP layer is just not where we should be looking for the solution to specific problems.
Maybe, maybe not?
I think not in general, and probably not in this case. But I would be happy to hear of informed opinions going in another direction.
And responding to Patrik’s bullets - because I have to! ;-)
:-D
A. Sort the quality problem. Yes please. But how come big resource-rich companies - make your own list - are patching and patching and then patching again. Until end-of-life? I am not clear what we ought to be able to expect from the rest.
Bingo!
And then what?
B. Stickers, seals, logos, MoUs have been popular for a long time. One more? Some more?
I do not know, that’s why I asked! :-D
C. I don’t think the Parliament is going to be that happy recommending that an access provider can cut off a domestic customer suddenly and completely. An awful lot of safeguards would be required. And even then.
Yes, agree. See above on the role of the communication provider.
D. Public procurement? It would be nice if that was done better from an internet engineering perspective. But public procurement is political. The big battles have tended to be around local preference rather than IPv6. Looking back though we have tried to make the technical rules clearer, both in terms of interconnection and security. GOSIP? Common Criteria? And much more. And we have had national successes which were both good and bad - good for a time and then bad? But if you want to enforce rules then you need a body to make those rules. Sorry Patrik but just asking you is not an option. ;-) So who? ETSI? CENELEC? And I feel not the IETF. RFCs provide “advice to consenting engineers”: they are not always ideal procurement specs.
Well, I would not mind having some wrong requirements sometimes. That is why I would rather see requirements in procurements than in legislation... And we should not mix up historical bad regulation with procurement requirements.
There are always restrictions in procurement. Offering bribes tends to be always out. But here we are talking about public procurement and here the barriers are a bit higher. And if you are going to write rules for public procurement then it can be useful to have a reference base of technical standards from recognised standards organisations. Which is why I cited ETSI and CENELEC. There have been attempts to get around this by talking about “pre-competitive procurement” as a fellow countryman of yours proposed. But, wonderful as it could be, you cannot just say: propose stuff that the internet community, including the IETF and W3C and the RIRs and Patrik and all, think is fine.
See you at 74.
Not me :-(
paf
Pity. Gordon
On 20 Apr 2017, at 09:45, Gordon Lennox <gordon.lennox.13@gmail.com> wrote:
So keeping the frame in mind: potential problems relate to “things” attached to your home network and what your access provider can and should do about those problems.
Minor nit perhaps: "what your access provider can and should be allowed to do about these problems"? I'm not sure we'd want access providers to have control over what web cams (or whatever) someone wants to install on their home network.
On 4/20/17 11:03 AM, Jim Reid wrote:
I'm not sure we'd want access providers to have control over what web cams (or whatever) someone wants to install on their home network.
If the SP is facilitating an intelligent decision by consumer, I would suggest there is value. If the SP is making the decision without consumer having the opportunity to decide for him- or herself, that would be quite a different matter. Eliot
Minor nit perhaps: "what your access provider can and should be allowed to do about these problems"?
I'm not sure we'd want access providers to have control over what web cams (or whatever) someone wants to install on their home network.
But you probably would be offended if they do not cut off that spammer or the person that is sending your DNS server a few million queries a second. They should not have an opinion about connecting a webcam, but what about me hosting a Command & Control server? Marco (Devil’s advocate speaking here)
On 20 Apr 2017, at 10:53, Marco Hogewoning <marcoh@ripe.net> wrote:
Minor nit perhaps: "what your access provider can and should be allowed to do about these problems"?
I'm not sure we'd want access providers to have control over what web cams (or whatever) someone wants to install on their home network.
But you probably would be offended if they do not cut off that spammer or the person that is sending your DNS server a few million queries a second.
Indeed. Though that's not the same thing as giving access providers some influence or stake in their CPE customers can install.
They should not have an opinion about connecting a webcam, but what about me hosting a Command & Control server?
Nuke it from orbit. Just to be sure. :-) But suppose that webcam is the c&c server. And how would anyone know that?
On 20 Apr 2017, at 12:01, Jim Reid <jim@rfc1035.com> wrote:
But you probably would be offended if they do not cut off that spammer or the person that is sending your DNS server a few million queries a second.
Indeed. Though that's not the same thing as giving access providers some influence or stake in their CPE customers can install.
They should not have an opinion about connecting a webcam, but what about me hosting a Command & Control server?
Nuke it from orbit. Just to be sure. :-)
But suppose that webcam is the c&c server. And how would anyone know that?
Okay, so assume “notice and takedown” procedures would apply, once the ISP is notified about particular (illegal) behaviour that is harmful to others, they are assumed to take action? Under that umbrella, knowing that a particular class of devices is vulnerable and very likely to be compromised unless the user takes action (software upgrade, provided that is available), would it be allowable to take preventive measures such as filtering access to those devices? Alternatively, knowing these devices are a likely source of “bad things” should I wait for a 3rd party notice before I take them down, or should I be able to rely on my own monitoring (netflow, DPI) and make the call myself? Marco
On 20 Apr 2017, at 10:45, Gordon Lennox wrote:
Once again: the main task for a carrier of communication is to do their job to carry the communication.
Can we agree on that?
But your access provider does not and cannot provide end-to-end communication. That is not what it says in your contract with them.
I did not write end-to-end communication. Their job is to carry the communication. They are your transit provider. Default is to carry the communication. Other things (failure in doing so, blocking and what not) are exceptions to the general rule. Ok?
Maybe the IP layer is just not where we should be looking for the solution to specific problems.
Maybe, maybe not?
I think not in general, and probably not in this case. But I would be happy to hear of informed opinions going in another direction.
Agree, but as you wrote yourself, there are situations where there is agreement (and hopefully in the fine print) that certain things are blocked. And under some circumstances ISPs under the various implementations of the electronic communication directive have the responsibility to act. Normally to protect their network and minimize damage for third parties etc etc. Still exceptions.
A. Sort the quality problem. Yes please. But how come big resource-rich companies - make your own list - are patching and patching and then patching again. Until end-of-life? I am not clear what we ought to be able to expect from the rest.
Bingo!
And then what?
Does not matter how this is resolved. "Better quality" is relative. We need better things. And part of that might very well be with patching. Or by default all ports closed (instead of default open). Etc.
Well, I would not mind having some wrong requirements sometimes. That is why I would rather see requirements in procurements than in legislation... And we should not mix up historical bad regulation with procurement requirements.
There are always restrictions in procurement. Offering bribes tends to be always out. But here we are talking about public procurement and here the barriers are a bit higher. And if you are going to write rules for public procurement then it can be useful to have a reference base of technical standards from recognised standards organisations. Which is why I cited ETSI and CENELEC.
There have been attempts to get around this by talking about “pre-competitive procurement” as a fellow countryman of yours proposed.
But, wonderful as it could be, you cannot just say: propose stuff that the internet community, including the IETF and W3C and the RIRs and Patrik and all, think is fine.
What I am talking about is to have public sector just asking for well functioning stuff. This has to do with clue. Not change the rules. paf
Unfortunately all too often, we the tax-payers, only pressure public sector to keep it cheap and get it done quickly :( It can be many things: good, fast, cheap, but we can't have it all. While I agree that public sector can be of great influence, even outside the use of traditional instruments, by simply asking for and spending money on "good things", the reality is often quite different. We do need a shift in the public mindset that quality (security, privacy, safety) costs money and that in the end you get what you pay for. Secondly, we the collective industry sector, might also want to rethink our priorities in product design and delivery and consider the consumer's or user's general well being and safety a bit more. There are reasons why certain heavy equipment takes two hands to operate, maybe there is something for the I** industry to learn from. Groet, MarcoH -- Sent from a small touch screen, apologies for typos
On 20 Apr 2017, at 18:59, Patrik Fältström <paf@frobbit.se> wrote:
What I am talking about is to have public sector just asking for well functioning stuff. This has to do with clue. Not change the rules.
Hi Gordon, I think we are looking at this through different lenses. You are considering the risks of inhibiting permissionless innovation, and mine is the inability of the consumer to actually manage access. Here's a little graphic I like to use in this context... It is in line with a presentation Andrew Sullivan gave in November at the IETF over what happened with Mirai. My goal is to thread the needle in the middle. We need to give consumers a meaningful way to address security considerably more holistically than has been done in the past. Certainly CPE gear today doesn't begin to cover the gap. And consider this- DDoS attacks we are now seeing are beginning to be dominated not by PCs and servers, but by Things. In answer to your question, “What is a thing?” everyone has their own definition, but as an engineer let me give you mine, and my logic: a Thing is a device that has a single or small number of uses and has a transceiver. The Internet of Things is the collection of those Things that have some form of Internet access. My logic is simple: if we include general purpose computing, the problem is entirely unconstrained. If we use a definition such as mine, then we can say that because a Thing has a single or small number of uses, those uses are easy (easier?) to authorize. This doesn't harm permissionless innovation so long as the designer of the Thing can communicate to the network its intentions. To put a cherry on the Sundae, however, the consumer needs to remain the ultimate arbiter of what is allowed or not allowed. The challenge is that the consumer must be presented with decisions that he or she can comprehend. Asking the consumer about which ports to open on a firewall isn't helpful. “A port? What's a port?” THAT is where I believe the SP has a role. But just because *I* believe it doesn't mean any SP believes it. And making my view of the future reality would require a lot of service providers to really Step Up.
Finally, let me add one regulatory thought. Consumers might rightly be concerned about trusting a service provider to handle all of this. Consumers might want choices to handle all of this. Service providers must earn that trust, and an appropriate regulatory framework can help. That doesn't mean NO regulation, nor does it mean lots of regulation. But the goal should be to instill trust. Cooperative security, which this is, hinges on that. Eliot
On 4/19/17 11:02 AM, Gordon Lennox wrote:
Item: https://www.theregister.co.uk/2017/04/13/aga_oven_iot_insecurity/ Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned.
Going back to Eliot’s original questions:
** What about the role of the service provider? Can the service provider take a more direct part in assisting the consumer in protecting themselves, and if so, what help is needed from manufacturers, CPE vendors, and yes, companies like mine (Cisco)?
Upfront I ought to say that I am still not clear if everybody agrees on what a “thing” is in this context. And what is not a “thing”? I am not even clear that everybody is referring to the same internet when they are talking about the IoT. And what is the “problem” we are trying to solve? Is it that “things” are participating in dDoS attacks elsewhere? Is it that a DoS attack on a domestic network would now have significant bad effects given the increasing reliance we have on our “things"? Is it that our “things" are being used to breach privacy? Are there safety issues? I am though making the presumption that Eliot is talking about access providers and not about those who manufacture or sell “things” or provide services related to specific things.
The basic problems seem clear. We don’t produce quality software, quality systems, not even when it concerns safety and security. And the Economist seemed to suggest recently we never will. We don’t even do life-cycle management that well, if at all. There seem to be two modes of operation: "ship and patch" or "ship and forget”. And given the increasing inter-relationships within and between systems it is not clear which is preferable in general. I must be far from the only person who put off and put off and put off upgrading - migrating? - to the latest version of macOS, despite being nagged and nagged by Apple, because GPG was not compatible with it.
We do know however that “things” have been connected to the Internet since like forever - which is why some very experienced people in our community prefer talking about the “so-called IoT”? We also know however that the number of network connected devices is increasing. And that the number of services / apps involved with any particular device is often increasing. And the interactions between different devices/services/apps is increasing. And the number of organisations and individuals “inventing” new stuff is increasing. And of course the number of users is certainly increasing.
But do the issues vary between a health/fitness app on my phone and me wearing a device providing similar functions that connects to my phone? My phone listens to me and tracks me. And my TV both listens to me and watches me. Of course my content and information suppliers - what were newspapers, books, tv and cinema - know what I look at and when, no matter what device I use. And my next watch may log where I go on public transport while hopefully also telling me the local time. And the building security system watches me come and go. And my camera already talks WiFi. And somehow my headphones just needed a software update. And my next car may have multiple SIM cards which will track me in detail and yet also have safety implications. Happily my fridge still tends mostly towards cold beer.
What I see around me is that people are having significant problems keeping track of their multiple devices, including their multiple logins and services which work on one network and not another, and how various devices and services interact. But the idea of using Facebook to provide the unique authenticated ID seems scary. And then we share or sell or pass on devices to others.
Anyway I am very wary of giving more control to access providers, of allowing them to take more control, for a number of reasons.
Both individuals and increasingly households have multiple access providers. People with their crossover phones - are they still phones? - are continually moving between networks - WiFi, 3G, 4G - at home, at work, while commuting, travelling, roaming and so on. Sometimes they are on more than one network at the same time. For the domestic environment see the HomeNet presentation by Mark Townsley previously mentioned. And of course the workspace is similar. Except I would presume there that many organisations have long accepted that, given the nomadic nature of user devices, relying only on a corporate firewall is a touch naive.
However even just the traffic associated with one device going through one access provider to, as the user sees it, one service is more complex than many people realise. See the little paper that Patrik and I produced and we did not delve too deep.
So we have increasing local complexity and external complexity. But if we ignore that for the moment we will obviously see the usual candidate solutions.
At the device level we have been through a lot of the arguments. See Hush-a-Phone, the Carterfone and more for old US history. And in the EU we had the Terminal Equipment Directive. Until the incumbents started to impose their “Box's”? And now more recently the discussions on Network Neutrality. The idea that you have to ask permission from your access provider to use a networked device seems very old school. In addition it now takes me a bit of effort - not yet too much? - to identify all the networked devices in my home. And then of course we have the Raspberry Pi community! We still believe in "permission-free innovation” don’t we?
So I don’t see how we could expect users to notify their multiple access providers of their devices.
But I also don't expect access providers to be allowed to keep track of those devices. Even if that, without SIMs, was to some extent possible it would now be seen as just too damn intrusive. We seem not entirely happy accepting this kind of thing for terrorism: I don’t see us doing it for rogue refrigerators. Indeed the IETF has identified significant surveillance as an attack. I find it difficult to see how we can now try and reclassify that kind of “attack” just because we cannot code air-conditioning systems properly.
Going up a level we have the notion of blocking certain IP addresses or port numbers or domain names. Again we have been there before. It has worked when, for well-known reasons, there has been enough of a consensus and acceptable alternatives. I am thinking of course of port 25. But when it has been a question of trying to restrict access to certain content - whether copyrighted material or content related to child abuse - blocking, filtering or redirecting has not been the panacea that some legislators expected.
If the issue is that a domestic network is “participating” in some kind of more widespread network-related problem then blocking all traffic from that network - all traffic to that network? - may have been a solution. But given that some form of connectivity is now seen as so important - essential for normal participation in society, if not a human right - then that may tend to be seen as too extreme. Rate limiting or throttling plus a clear indication being sent for the motive may still be seen as acceptable. If the access provider can, with the minimum of intrusion, identify when traffic is abnormal? But given that applications and services will more and more have health and safety implications then serious care is needed.
If we are though in the area of blocking, redirecting or rate capping then there still has to be a reasonable way for an access provider to communicate with the user. We seem to be in a process whereby we have to give more and more information to do stuff. To read a newspaper we need to give an email address. To manage an email account we need to give a phone number. Increasing the number of players who need more and more information may not be the way to go. And yet how can we be sure the message gets through? When my access provider had a problem a while back I lost not only internet connectivity through them but also my TV connection and my fixed telephone service. Of course I had alternative ways of finding out what was happening and reporting the problem. I am not sure all my neighbours were the same. I hope that many of them do not spend as much time as I do with a screen and a keyboard.
Going up another layer we might envisage blocking certain applications or services, for security reasons or safety reasons. But I think we know where that tends to lead.
All in all, given the richness and complexity of connected activities, surveillance and interference of domestic traffic by access providers is not going to be well regarded in general - and it may simply be illegal. Nor is it liable to be that effective? Even if it was ever going to be feasible? The more we take surveillance as a “bad thing” the more we will encrypt, with the resulting loss of transparency in the core.
Maybe the IP layer is just not where we should be looking for the solution to specific problems.
** What role does/should the government play?
Governments, here, there, everywhere, will do whatever. And is this really one of the better moments to talk about governments given that we will now have a series of elections in major EU countries?
I accept there are contradictions in what governments do. See “The Organization of Hypocrisy” by Nils Brunsson or "Why Leaders Lie” by John Mearsheimer or so many more. I accept that it can get complicated. Anyone for some new free trade negotiations?
But governments are still just about people, people who are not always that much brighter than you, people who in any case tend to lack magical powers. They can help. But they cannot easily help with a problem that we as stakeholders - horrible term - have not begun to properly define. I sometimes think about it as going to see your general practitioner. Go with an ill-defined “feeling” and you may be in for some "tests” - too many tests? Go with some signs and symptoms and be ready for a conversation and you might come out cured.
I was invited though to talk at EuroIX some years back about the “government” in Brussels. I said there were three things that they did.
*** Policy. Talk about stuff. See if there is a consensus. Try and develop a consensus. Push certain ideas. Fund groups. Organise meetings. Not to be underestimated. But it takes time, effort, resources to get really involved. There are very many specialists, lobbyists, in Brussels. And in the end of course you can disagree with government policy.
*** Make rules. Regulate and legislate. It takes time - and what goes into the sausage-making machine often does not resemble what comes out: you may not like that sausage, a sausage you are now expected to eat. And once rules are agreed it can take a long time to change them. The resources to fully enforce the “rules” though may simply not always be there. But ignoring the rules tends not to be an option for most folk.
*** And funding...
There is a continuum between policy and rules and funding. Policy helps define the rules to be agreed and policy helps decide how strongly rules will be enforced or not. But funding, in one form or another, tends to be what makes it happen.
So what should we expect from governments? I would rather ask what we could or should ask from governments, how can we and should we engage.
I think we could engage in any policy discussions. Primarily to bring in some reality? Stop them killing the internet? I would so much hope we can avoid things like the Y2K disaster games. I still have the scars. There is a downside of course in that by just being there you may bring credibility to the issue. NCC and ISOC were there and so obviously they agree with the importance of the issues and endorse the outcome?
We should also be wary of the “problem” being punted off to some organisation. The choice of organisation - ITU, ETSI, ENISA, ICANN and not the IETF or the RIRs - sort of defines the answers we might expect in so many ways.
When it comes to wanting rules. Be careful. Be very careful. Not least because if we get it wrong it will stay wrong for a while!
- - -
And responding to Patrik’s bullets - because I have to! ;-)
A. Sort the quality problem. Yes please. But how come big resource-rich companies - make your own list - are patching and patching and then patching again. Until end-of-life? I am not clear what we ought to be able to expect from the rest.
B. Stickers, seals, logos, MoUs have been popular for a long time. One more? Some more?
C. I don’t think the Parliament is going to be that happy recommending that an access provider can cut off a domestic customer suddenly and completely. An awful lot of safeguards would be required. And even then.
D. Public procurement? It would be nice if that was done better from an internet engineering perspective. But public procurement is political. The big battles have tended to be around local preference rather than IPv6. Looking back though we have tried to make the technical rules clearer, both in terms of interconnection and security. GOSIP? Common Criteria? And much more. And we have had national successes which were both good and bad - good for a time and then bad? But if you want to enforce rules then you need a body to make those rules. Sorry Patrik but just asking you is not an option. ;-) So who? ETSI? CENELEC? And I feel not the IETF. RFCs provide “advice to consenting engineers”: they are not always ideal procurement specs.
- - -
The IoT, for any soft definition of IoT, is going to be pervasive and ubiquitous. The devil is though going to be in the detail. Potentially in every line of code? I don’t think there will be a single solution, a single set of rules. I am not even sure if yet another set of principles - maybe however some OECD guidelines? - would be useful at this stage. But maybe. And if not that then one problem at a time?
I am still not clear where the human rights activities in the IRTF may go. I say that while thinking human rights are important - apparently some people, some states do not? I say that though having watched how the IETF security directorate worked over the years. And protocol security clearly involves more engineering considerations? But the evolving IoT will involve human rights considerations. Privacy, the new surveillance, safety and so on.
But if I had a wish from industry it would be for some clarity on what the IoT toys we buy are doing. I don’t buy some stuff because I don’t know enough about what is happening. I have stopped using stuff because I felt that the device was being too intrusive. When asked for advice I have found myself doing some kind of reverse engineering to try and figure out what might be going on. (They sprinkled Golden Crypto Dust on it. So everything is OK? Well maybe not…!) And of course I don’t always have an indication that something has gone wrong.
And alongside that maybe some tools that I could use on my network that would help me understand what my network is doing? But that is probably too much to ask right now.
Pause…
See you at 74.
:-)
Gordon @ TDRS
_______________________________________________ iot-discussion mailing list iot-discussion@ripe.net https://lists.ripe.net/mailman/listinfo/iot-discussion
Hello Gordon,
Gordon Lennox wrote:
Upfront I ought to say that I am still not clear if everybody agrees on what a “thing” is in this context. And what is not a “thing”? ... We do know however that “things” have been connected to the Internet since like forever - which is why some very experienced people in our community prefer talking about the “so-called IoT”? We also know however that the number of network connected devices is increasing. And that the number of services / apps involved with any particular device is often increasing. And the interactions between different devices/services/apps is increasing. And the number of organisations and individuals “inventing” new stuff is increasing. And of course the number of users is certainly increasing.
For me a thing is anything that has an IP address (or should I say a MAC address). IoT has no real importance in this discussion IMHO. It though happens that IoT stimulates the number of attached devices to the Internet and related people (good-user/bad-user). Although the growth is still following more or less Moore's law, so that is nothing different from 30 years ago when I connected my first CLNS/TUBA computer. Or perhaps when IBM predicted: "I think there is a world market for maybe five computers". But then Moore's law was not yet recognised... Moore's law is very helpful as for me it seems to include: manufacturing, devices, people, politics, law, financing, security, privacy, ethics, etc. From technical to societal aspects. They all seem to make sure that on average we don't grow that fast... Anyway I like your evaluation/e-mail. Thanks.
All the best,
Victor.
-- Victor Reijs Network Development Manager and International Relations HEAnet CLG, Ireland’s National Education and Research Network 1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland +353 (0)1 6609040 victor.reijs@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 (w)
Hi Gordon, just a tip to clarify my thoughts:
But the end-to-end idea seems to take us back to a connection - a circuit? - between two end points. Maybe two end networks makes a little bit more sense? And yet we here know that is not the case.
End-to-end means that any end network should have the possibility to communicate with any other end network that wants to allow that.
The number of networks involved. The number of name servers involved. The number of content servers involved.
This is allowed, but not *imposed* by end-to-end. It's end to end that allows to build such complex services... but also to create simple ones.
So a “thing” on a network may be having quite a rich conversation with very many servers out there. It is not simple end-to-end, device to server.
It's end-to-end IP communication and internetworking, on top of which the ecosystem built services, on levels higher than L3. If this was not the case the DNS would have been a network function and you couldn't have your DNS server at home or in your plant or in a cloud-only provider. The end-to-end communication principle allowed services to evolve, to have the services and protocols we today have. It allows you to conceive and build new services. And two nodes can choose to communicate between them without all the clutter of "many servers out there".
And then your access provider - many provide services only some provide access! - may not be as obvious as you think. You will have more than one. I am not sure how many.
Correct, but when it comes to market it has to be stated very clearly if one company is selling "access" or "services" or... "fenced access 'service'".
Thanks for your thoughts. -- Giuliano Peritore - g.peritore@panservice.it Direzione Generale - Panservice Servizi professionali per Internet ed il Networking Telefono: +39 0773 410020 - Fax +39 0773 470219 Numero verde: 800 901492 - http://www.panservice.it
I don’t think we seriously disagree. :-) But I see two sides to this discussion: what people/companies/organisations of the sort kind of represented here think and can maybe do, and what others, particularly policy makers and legislators, might do and what we might like them to do / not do. So if we argue a naive end-to-end - circuits? - then we leave them with the impression that they can selectively allow/prioritise/block. Basically the little paper that Patrik and I put together says that even one terminal going to one web-site involves a lot more than one “connection”. And we know that blocking some random “connection” can result in a lot of unforeseen and unintended collateral damage. Basically I would rather use engineering terminology than marketing terminology. Gordon
On 12 Apr 2017, at 19:51, Gordon Lennox wrote:
Basically I would rather use engineering terminology than marketing terminology.
Oh yes! And specifically terminology tagged to how the Internet Works. I know, might sound weird sometimes. ;-) Patrik
Hello Gordon, Gordon Lennox wrote:
I don’t think we seriously disagree. :-)
But I see two sides this discussion : what people/companies/organisations of the sort kind of represented here think and can maybe do and what others, particularly policy makers and legislators, might do and what we might like them to do / not do.
Good to collect the viewpoints. All need to be tackled in some way. So having a good overview of them is essential to get at the end a working/accepted (technically and societally) solution. I gave a few in my former e-mail, but I am sure there are many viewpoints to gather in this IoT environment. But again I hope we can limit/aggregate/etc. them. All the best, Victor
-- Victor Reijs Network Development Manager and International Relations HEAnet CLG, Ireland’s National Education and Research Network 1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland +353 (0)1 6609040 victor.reijs@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 (w)
Welcome to the "assisted" Internet experience!
So, could we be a bit more critical about the quality and quantity of "insecure devices"? It isn't as if large populations of not-so-well reputed OSes being abused for "something" were a new phenomenon. Admittedly, numbers were smaller those days, but so was the infrastructure. Not neglecting the issue, but sceptical of knee-jerk policy making and too loud calls for regulations that remind me of the constrained (from the customer's perspective) telco networks of 30+ years ago. Late victories ...
The point I was heading to is that there probably is a correlation between the number of firewalls and network wide access lists dropping port 137-139 and the reputation of those OSes :) Many did take the approach of “soft guidance” into safety. And more recently in discussions surrounding IPv6 CPE, I also observe many operators going for the “safe” option and default to dropping inbound connections, despite restoring end-to-end being potentially the key feature of IPv6. Afraid we might have accidentally rewritten the law, probably already a few years ago, and most of today’s internet operates under: “Be liberal in what you do, be conservative in what you accept from others”. Marco