Death of the Internet, Film at 11
cb.list6 at gmail.com
Mon Oct 24 14:03:14 UTC 2016
On Mon, Oct 24, 2016 at 6:22 AM, Eliot Lear <lear at cisco.com> wrote:
> On 10/24/16 3:06 PM, Ca By wrote:
> > Assuming MUD is successful in the IETF, the CPE lifecycle is 10 years
> > before the needle moves. At which point the target will have morphed
> > to something else. Also, nobody is going to pay for that feature. Just
> > like the early days of IPv6, the economics were misaligned.
> We know of those who are planning to build, so maybe not so much. The
> function doesn't NEED to be in CPE, but it helps. And again, the CPE
> market is changing right now, so be careful about your assumptions.
Please elaborate on concrete evidence to support your claim the CPE market
> > In 10 years, the CPE will also be running PCP, where the bot tells the
> > CPE to ignore all of MUD and open any arbitrary port it wants.
> One of the hidden villains in these attacks, by the way, is UPnP. The
> point is not for the device to self-assert, but for the manufacturer to
> assert. Apart from that, PCP actually solves a slightly different
> problem. MUD can tackle interior connectivity, which PCP doesn't really
> address. And really that's what we need to address reflection attacks.