Death of the Internet, Film at 11

Ca By cb.list6 at gmail.com
Mon Oct 24 14:03:14 UTC 2016


On Mon, Oct 24, 2016 at 6:22 AM, Eliot Lear <lear at cisco.com> wrote:

> Hi,
>
>
> On 10/24/16 3:06 PM, Ca By wrote:
> >
> > Assuming MUD is successful in the IETF, the CPE lifecycle is 10 years
> > before the needle moves. At which point the target will have morphed
> > to something else. Also, nobody is going to pay for that feature. Just
> > like the early days of IPv6, the economics were misaligned.
>
> We know of those who are planning to build, so maybe not so much.  The
> function doesn't NEED to be in CPE, but it helps.  And again, the CPE
> market is changing right now, so be careful about your assumptions.
>
>
Please elaborate on concrete evidence to support your claim the CPE market
is changing.


> >
> > In 10 years, the CPE will also be running PCP, where the bot tells the
> > CPE to ignore all of MUD and open any arbitrary port it wants.
>
> One of the hidden villains in these attacks, by the way, is UPnP.  The
> point is not for the device to self-assert, but for the manufacturer to
> assert.  Apart from that, PCP actually solves a slightly different
> problem.  MUD can tackle interior connectivity, which PCP doesn't really
> address.  And really that's what we need to address reflection attacks.
>
> Eliot
>
>

