From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from omr1.cc.vt.edu (omr1.cc.ipv6.vt.edu [IPv6:2607:b400:92:8300:0:c6:2117:b0e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 21B9D3BA8E for ; Tue, 27 Nov 2018 13:24:00 -0500 (EST) Received: from mr2.cc.vt.edu (mr2.cc.ipv6.vt.edu [IPv6:2607:b400:92:8400:0:90:e077:bf22]) by omr1.cc.vt.edu (8.14.4/8.14.4) with ESMTP id wARINxTY000545 for ; Tue, 27 Nov 2018 13:23:59 -0500 Received: from mail-qt1-f198.google.com (mail-qt1-f198.google.com [209.85.160.198]) by mr2.cc.vt.edu (8.14.7/8.14.7) with ESMTP id wARINsTF031297 for ; Tue, 27 Nov 2018 13:23:59 -0500 Received: by mail-qt1-f198.google.com with SMTP id 42so20702484qtr.7 for ; Tue, 27 Nov 2018 10:23:59 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:in-reply-to:references :mime-version:content-transfer-encoding:date:message-id; bh=I3zIsy/ZySBGC6oEieuqlhIdPvSsimZAZP+gqNHJw7s=; b=CJGAGW6y7fsKnQY3uhkXlBfu2hZAwKOdgVeByPTi86N6FjxJd9cVWggj6Rz1hCRV+n UwDt/w+DaMYvdmhR1/slvpUQw8yVQXm0/fsoP4wNpr6YAdAKaVJn1Y2SbQwHLDdWl7jA CNfv2cEd/ETrd7OTcsd3VYG8EgitkT5eDA2/V0NnbKYZ6O7sS/feyHcS+72xEY3Lero6 p8ujoOAkKcbtl4YrP40rhSTE0QS8/UGW57NHpWzneuoRAVQwfK8bQG/TWxd/lOR7O34M cX/yRRQYWFyHMjJHQ67frAgsKlwdrcVFrcFsklRZUliqprGZmbmG4CvIJ+d/iX4YsfY1 NQPw== X-Gm-Message-State: AA+aEWa2SZo7ijuBHhaDEvriLaudhfPgB03qOZtsXQu6V2FxzGzeUH4b vhc0auW+Gop0tSCCXyBObRWSsqcCq4pxgFtn8iTd0Agpd9n2Tpt4Yk7Me4YRt2erjb+q3GKkLUS xRZJqHIKWYMlSaJnC3SnKOeenshk5flW7rmItV9hj0X6+ X-Received: by 2002:a37:bdc6:: with SMTP id n189mr30492214qkf.330.1543343033771; Tue, 27 Nov 2018 10:23:53 -0800 (PST) X-Google-Smtp-Source: AFSGD/Wj3Y5aXczwEOtNieNCZaLVH4melfUiWcZIXh9UguCIhZPN6gr+oZmLebK+v0IzqjwasQGTZw== X-Received: by 2002:a37:bdc6:: with SMTP id n189mr30492201qkf.330.1543343033464; Tue, 27 Nov 2018 10:23:53 -0800 (PST) Received: from turing-police.cc.vt.edu (turing-police.cc.ipv6.vt.edu. [2001:468:c80:2103:f21f:afff:fe0c:8ada]) by smtp.gmail.com with ESMTPSA id v32sm3548990qta.37.2018.11.27.10.23.51 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 27 Nov 2018 10:23:52 -0800 (PST) Sender: Valdis Kletnieks From: valdis.kletnieks@vt.edu X-Google-Original-From: Valdis.Kletnieks@vt.edu X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7+dev To: Mikael Abrahamsson Cc: Sebastian Moeller , cerowrt-devel In-Reply-To: References: <6F8CDBFF-8B8A-4B6B-BCE9-918A69354626@gmx.de> <05A88D6B-51BC-4CC5-98D9-E85AE11D96AC@gmx.de> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1543343031_2591P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Tue, 27 Nov 2018 13:23:51 -0500 Message-ID: <33485.1543343031@turing-police.cc.vt.edu> Subject: Re: [Cerowrt-devel] security guidelines for home routers X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Nov 2018 18:24:00 -0000 --==_Exmh_1543343031_2591P Content-Type: text/plain; charset=us-ascii On Tue, 27 Nov 2018 12:03:35 +0100, Mikael Abrahamsson said: > I'd really like to see a wider audience weigh in on the pro:s and con:s of > this approach. Do parents really want to come home to their 12 year old > who might have opened up their residential gateway and installed something > the 12 year old downloaded from the Internet? Perhaps yes, perhaps no. That's a parenting problem not easily solved via technology. In particular, there's the issue that often, the 12 year old is more clever than the parent - or the person who designed the parental controls on the device. On Tue, 27 Nov 2018 13:17:57 +0200, Jonathan Morton said: > Currently, the easiest way to build a machine that's *truly* secure is to > take something like a 6502 (which is still being manufactured by WDC) and > associated 74AHC-series logic chips, SRAMs and EEPROMs, a 4-layer PCBs, all of > which are built on crude enough technology to be physically examined for > backdoor devices in an airport-grade X-ray machine if necessary. Then write > the necessary software in assembly, which can be translated to machine code (or > at least verified) by hand if you're truly paranoid, and toggle it in byte by >byte on the front panel. > Good luck getting a web browser running on one of those, though. Couldn't find a browser, but somebody cooked up an ethernet based webserver for a 6502.. https://developers.slashdot.org/story/03/08/16/1226253/a-tcpip-stack-and-web-server-in-basic --==_Exmh_1543343031_2591P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Comment: Exmh version 2.9.0 11/07/2018 iQEVAwUBW/2Lto0DS38y7CIcAQLkfwf9EPhaGlmCivoOjdOv53kI2nkVX55IV9uf jUGDRxKzkr2dSfpV3NhFI+BZXLIPakt08d492/I/xAJCkJBx5akwb5i5ONGCAILV pnVkrNZT63qa6Fk/UfsXO7uA9969s6Oy9Ma9QlQCuTUZGyrFReUhV2iVLprRykR5 XEn/trZT8SruoOyu5+5mMSIMf8ftw7MKRBRHVqARtYZ1oY4J36wZQFG1IOc7Z7EE A6c7s+8oB/uhAdGx68Xp0aggp62tkH0zbzdQhd3CszIhpa/iwf7q0sf/BCPKo1VX 5ywGk4MHURO2dZX4cudn84fCeR8iawubXJ+We+a7tnoN2mgvQXlCLA== =ro9b -----END PGP SIGNATURE----- --==_Exmh_1543343031_2591P--