This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/iot-wg@ripe.net/
[iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Michael Richardson
mcr at sandelman.ca
Mon Oct 22 23:49:44 CEST 2018
Peter Steinhäuser <ps at embedd.com> wrote:
> nevertheless a MUD file could be used to describe service classes of a
> TV, like „TV Streaming“, „Social Media“ etc. to give the end user
> simple choices and at least some control about what the device should
> be allowed to do.

Such a multi-functional device (in particular, any game console), might need to take on a multitude of identities for its different personalities, with appropriate MUD files for each personality. (And possibly, parental MUD file overrides, including number of packets/bytes allowed to be transmitted per day, and even perhaps elapsed duration between first transmitted packet, and last one, to enforce "screen-time" limits)

We currently implement filtering by L2 address (MAC). That works for most Things, and it also lets us cleanly implement the quarantine function in a way that isn't *trivially* side stepped by changing L3 address.

To meaningfully prevent changing L2 address, a group of students at Algonquin College, in collaboration with Telus, have been working on making sure that there is a unique WPA key per mac address, and that it's easy to set up. That means that changing your mac address would mean losing access to the (wireless) network.

How this will work with mac address randomization remains to be seen: my understanding is that after pure randomization, Apple realized that they should use the same mac address with the same AP in order to not annoy mac-address based controls.

So the multi-functional device should adopt a policy of picking a unique, persistent mac address for each sub-function or "game". My observation of how our family Wii(U) works is that all the networking boots up each time for each game, and so this probably would be easy to do. Mind, I also use a wired USB cable on GbE to keep the video streaming away from the fragile WiFi, so there is no WiFi key to help me keep a p0woned WiiU from going bonkers by changing MAC address all the time.

This brings up the default policy for new devices: it needs to be restrictive. But this is gonna be a pain in quite a number of situations, so it needs a really intuitive user interface.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [