This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/iot-wg@ripe.net/
[iot-wg] "The Internet of Threats: Fighting FUD with MUD"
- Previous message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
- Next message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Peter Steinhäuser
ps at embedd.com
Tue Oct 23 09:25:28 CEST 2018
> Am 22.10.2018 um 23:49 schrieb Michael Richardson <mcr at sandelman.ca>: > >> nevertheless a MUD file could be used to describe service classes of a >> TV, like „TV Streaming“, „Social Media“ etc. to give the end user >> simple choices and at least some control about what the device should >> be allowed to do. > > Such a multi-functional device (in particular, any game console), might need > to take on a multitude of identities for it's different personalities, > with appropriate MUD files for each personality. > (And possibly, parental MUD file overrides, including number of packets/bytes > allowed to be transmitted per day, and even perhaps elapsed duration between > first transmitted packet, and last one, to enforce "screen-time" limits) I see the point, that would get pretty complex... > We currently implement filtering by L2 address (MAC). That's works for most > Things, and it also lets us cleanly implement the quarantee function in a > way that isn't *trivially* side stepped by changing L3 address. > To meaningfully prevent changing L2 address, a group of students at Algonquin > College, in collaboration of Telus have been working on making sure that > there is a unique WPA key per mac address, and that it's easy to setup. > That means that changing your mac address would mean losing access to the > (wireless) network. I think current MAC whitelisting would be sufficient (?) Assigning individual WPA keys for each IoT device sounds impractical to me. > This brings up the default policy for new devices: it needs to be restrict. > But this is gonna be a pain in quite a number of situations, so it needs > a really intuitive user interface. Absolutely! -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/iot-wg/attachments/20181023/d43cd1d3/attachment.html>
- Previous message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
- Next message (by thread): [iot-wg] "The Internet of Threats: Fighting FUD with MUD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ iot-wg Archives ]