On Mon, Oct 24, 2016 at 6:22 AM, Eliot Lear <l...@cisco.com> wrote:

> Hi,
>
> On 10/24/16 3:06 PM, Ca By wrote:
> >
> > Assuming MUD is successful in the ietf, the cpe lifecycle is 10 years
> > before the needle moves. At which point the target will have morphed
> > to something else. Also, nobody is going to pay for that feature. Just
> > like the early days of ipv6, the economics were misaligned.
>
> We know of those who are planning to build, so maybe not so much. The
> function doesn't NEED to be in CPE, but it helps. And again, the CPE
> market is changing right now, so be careful about your assumptions.
>

Please elaborate on concrete evidence to support your claim the CPE market is changing.

> >
> > in 10 years, the CPE will also be running PCP, where the bot tells the
> > CPE to ignore all of MUD and open any arbitrary port it wants.
>
> One of the hidden villains in these attacks, by the way, is uPnP. The
> point is not for the device to self-assert, but for the manufacturer to
> assert. Apart from that PCP actually solves a slightly different
> problem. MUD can tackle interior connectivity, which PCP doesn't really
> address. And really that's what we need to address reflection attacks.
>
> Eliot
>