From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <chromatix99@gmail.com>
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com
 [IPv6:2a00:1450:4864:20::232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by lists.bufferbloat.net (Postfix) with ESMTPS id E27663B29E
 for <cerowrt-devel@lists.bufferbloat.net>;
 Tue, 27 Nov 2018 06:18:44 -0500 (EST)
Received: by mail-lj1-x232.google.com with SMTP id x85-v6so19713220ljb.2
 for <cerowrt-devel@lists.bufferbloat.net>;
 Tue, 27 Nov 2018 03:18:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=bN3SuZlzeu8A5aTTv9D7kTP6WpOOLo8YaaRLFRNn02s=;
 b=u76NoOpn1lIzJWNZqg8HZnT2eUffl62GOsl9RbWLdE4y2oWvjgjSV5PdPqwAX7BXQ1
 YAnrDDreMSUEmTTbOyXBFM4lEzPyLEPIPZeXmnzT8dlQMkqtR8X6dFQmhEWN75XLO6B1
 7wBKrX2pHb1StQJ1JWQ5R3tK/QHCBn/6Hkj35yqksmMlmpqiTG03WiaAy2m2QEJQsCnh
 6KnrfHCUSIRoNzFhNbt9Nha5XpR4B8YLNCP9n/fmfQisq7FIrzsQQxTDXEBWiWq9eNYo
 QflYyl5hbDVk+MkEDHgPvUMAjN3CoMlhw6ewxvr3BdoXwtObcR329ICQtUPsfua7Gbqs
 WtCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
 :content-transfer-encoding:message-id:references:to;
 bh=bN3SuZlzeu8A5aTTv9D7kTP6WpOOLo8YaaRLFRNn02s=;
 b=fSuOkxLqKf4mXbA+KQpE7X4ImklV8p0a2+AqMzNT2GgJRdxN/tsMLiS6k22xgWT6Tf
 Owb8tvJlFlM8KLEz2GL8k2hGKjqlXusvMxSCE9/hV0DpimzDDbnaWzZg3JC6xQruXxtQ
 OTuJBwfcSNfvD2DfRVb1x0mLHz8paA2LSQWFNSDmVnvxhUnoCRINZ6g3crhHosGIep1R
 L3VWRxVYTDkG/5OJNtlf7VzvHByoEOqK1EAPJ2Lh8hoFWFEU6jctlvH3zqcuwILYkEw7
 myp0T0vLN+LrWcKgUGM88fPTurD3pk5rRF8A6Zj4lJXNoud9i2IO+cu+wKnFPzv74eGZ
 nE9A==
X-Gm-Message-State: AA+aEWb1PK6upTXHYFhh7MTeZlI/BCGCNBd3rSvjS04zZyqpY7VoHdra
 qyY6T8LXeIwdepNnKAcplBs=
X-Google-Smtp-Source: AFSGD/XncUWrNrM+6M02X8Mtufc4M/zRFg45ddvmyLnCewmabSaI7chUWrdmG3mYTGW7Tc+IYPVTGg==
X-Received: by 2002:a2e:80d3:: with SMTP id
 r19-v6mr19490565ljg.151.1543317523654; 
 Tue, 27 Nov 2018 03:18:43 -0800 (PST)
Received: from jonathartonsmbp.lan (83-245-236-220-nat-p.elisa-mobile.fi.
 [83.245.236.220])
 by smtp.gmail.com with ESMTPSA id r10-v6sm508767ljj.71.2018.11.27.03.18.42
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 27 Nov 2018 03:18:42 -0800 (PST)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Jonathan Morton <chromatix99@gmail.com>
In-Reply-To: <alpine.DEB.2.20.1811271204250.7766@uplift.swm.pp.se>
Date: Tue, 27 Nov 2018 13:17:57 +0200
Cc: "David P. Reed" <dpreed@deepplum.com>,
 cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Content-Transfer-Encoding: quoted-printable
Message-Id: <50C5F8A3-B052-49AE-886E-65352BF628A2@gmail.com>
References: <CAA93jw54urN1Gh731zg0MGsyCiWPOLNa2p__GXZMJd=ODMWLiw@mail.gmail.com>
 <6F8CDBFF-8B8A-4B6B-BCE9-918A69354626@gmx.de>
 <CAA93jw4La1v=tQOFPZGr6QZ04yfcu2Z+pVQegyLpQwSaFevyEw@mail.gmail.com>
 <13EA268F-994D-45FF-A0B2-1CAF4C530B4F@gmx.de>
 <1543278579.232231705@apps.rackspace.com>
 <alpine.DEB.2.20.1811271204250.7766@uplift.swm.pp.se>
To: Mikael Abrahamsson <swmike@swm.pp.se>
X-Mailer: Apple Mail (2.3445.9.1)
Subject: Re: [Cerowrt-devel] security guidelines for home routers
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
 <cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
 <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
 <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2018 11:18:45 -0000

> On 27 Nov, 2018, at 1:07 pm, Mikael Abrahamsson <swmike@swm.pp.se> =
wrote:
>=20
> So we need to come up with a security regime that makes sense for the =
most amount of people, and then try to still cater to the ones who want =
to do more/less.

For most people, I think the "floppy disk" security model is usually =
appropriate - you can take your data out of your computer and put it in =
your pocket, where nobody can read it without physically stealing it =
from you first.  Unfortunately it's hard to apply using modern =
technology and paradigms, which try to move your data out of your house =
entirely, for "convenience" (and to trawl through it for great =
profitssss).

This is also, for example, why IoT devices and voting machines built =
using modern technology are perpetually insecure and unsecurable.

Currently, the easiest way to build a machine that's *truly* secure is =
to take something like a 6502 (which is still being manufactured by WDC) =
and associated 74AHC-series logic chips, SRAMs and EEPROMs, a 4-layer =
PCBs, all of which are built on crude enough technology to be physically =
examined for backdoor devices in an airport-grade X-ray machine if =
necessary.  Then write the necessary software in assembly, which can be =
translated to machine code (or at least verified) by hand if you're =
truly paranoid, and toggle it in byte by byte on the front panel.

Good luck getting a web browser running on one of those, though.

 - Jonathan Morton