a=MqnEBYhnR1GEXjMu-uAJ:22 a=ILuzMlY9hfqDUMj11rVl:22 Received: from c-98-47-110-22.hsd1.ca.comcast.net ([98.47.110.22]:64478 helo=SRA7) by bosauthsmtp05.eigbox.net with esmtpa (Exim) id 1ttCRq-0005JR-OY; Fri, 14 Mar 2025 17:20:06 -0400 Reply-To: From: "Dick Roy" To: "'David Lang'" , "'Richard Roy via Nnagain'" References: <55d2836a4fe4c6cf9e2b4d953b62f6c62f0e73c3.camel@tara.sh> In-Reply-To: Date: Fri, 14 Mar 2025 14:20:00 -0700 Message-ID: <05c501db9526$db40bb30$91c23190$@alum.mit.edu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 16.0 Thread-Index: AQH1yD5lJIiUepZEdoKM6qvHGykRkwEJ2RlKAVQbyb0BbXdbhQHkqhP5AhkMGywCjhwKIgJD4C5LAO9s6QgCCMKgCQLGn+qmAsz6PfaylYWmwA== Content-Language: en-us X-EN-UserInfo: f809475445fb8041985048e338e1a001:931c98230c6409dcc37fa7e93b490c27 X-EN-AuthUser: dickroy@intellicommunications.com Sender: "Dick Roy" X-EN-OrigIP: 98.47.110.22 X-EN-OrigHost: c-98-47-110-22.hsd1.ca.comcast.net Subject: Re: [NNagain] FCC - delete, delete, delete X-BeenThere: nnagain@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: =?utf-8?q?Network_Neutrality_is_back!_Let=C2=B4s_make_the_technical_aspects_heard_this_time!?= List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Mar 2025 21:20:11 -0000 Yup ... and the must be SECURE updates by the way! Security is required = throughout the supply chain! RR -----Original Message----- From: David Lang =20 Sent: Friday, March 14, 2025 2:09 PM To: Richard Roy via Nnagain Cc: Tara Stella ; Richard Roy Subject: Re: [NNagain] FCC - delete, delete, delete it's also impossible to fix bugs when you prevent updates. show me any product deployed at large scale that has not had bugs. David Lang On Fri, 14 Mar 2025, Richard Roy via Nnagain wrote: > Date: Fri, 14 Mar 2025 19:05:18 +0000 > From: Richard Roy via Nnagain > To: Network Neutrality is back! 
Let=C2=B4s make the technical aspects = heard this > time! , Tara Stella > Cc: Richard Roy > Subject: Re: [NNagain] FCC - delete, delete, delete >=20 > Bob, > > > > You are certainly correct. Complexity of implementation always leads = to the potential for more attack surfaces. As importantly, security as = an add-on is really no security at all. If security is not designed in = at the outset, optimal security can rarely if ever be achieved. First = and foremost at the core of security is "credential material" that MUST = be protected IN TAMPER-PROOF/EVIDENT HARDWARE (e.g. FIPS 140-x). It is = nearly impossible to secure a system without this capability, and not = all of the systems out there today are so "equipped" making system-wide = trust nearly impossible. =E2=98=B9=E2=98=B9=E2=98=B9 > > > > Cheers, > > RR > > > > -----Original Message----- > From: Nnagain On Behalf Of = Robert McMahon via Nnagain > Sent: Friday, March 14, 2025 11:53 AM > To: Tara Stella > Cc: Robert McMahon ; Network Neutrality is = back! Let=C2=B4s make the technical aspects heard this time! = > Subject: Re: [NNagain] FCC - delete, delete, delete > > > >> I'm not an expert, but I wonder if the complexity has increased the = potential attacking surface. > > > > I'm not an expert here either - but I do think complexity does = increase the attack service. Breaking up the control and data planes = seems like a good idea to me. > > > > Also, devices like CPUs that run programmable logic are a target = because their logic flows can be hijacked. Hardware solutions for simple = functions like forwarding packets cannot be reprogrammed at the data = plane level, minimizing their attack service. > > > > Moving the control plane(s) into a management domain where security = experts do their work everyday seems a must to me. Pushing this into = consumer premises and adding more and more seems like a disaster in the = making. 
> > > > = https://www.splunk.com/en_us/blog/learn/control-plane-vs-data-plane.html > > > > Bob > > > > On Fri, Mar 14, 2025 at 1:16=E2=80=AFAM Tara Stella = > wrote: > >> > >> On Thu, 2025-03-13 at 22:24 -0400, David Bray, PhD via Nnagain wrote: > >> > >> Indeed. Yet here on ground SS7 remains vulnerable and exploitable = too? > >> > >> > >> I'm working for a big telco in Europe, and I'm just marginally = involved in the telco network. > >> AFAIK, in our infrastructure, SS7 is a niche in some very old = equipment sitting somewhere. > >> On fixed broadband, we migrated everything over IP, voice is SIP, = including VAS services, that are somehow fading away as well (IMS still = in place for voicemail). > >> On 5G Standalone, everything is HTTP on the control plane and GTP = encapsulation on the user plane. > >> > >> I'm not an expert, but I wonder if the complexity has increased the = potential attacking surface. > >> Cheers, > >> Tara > >> > > _______________________________________________ > > Nnagain mailing list > > Nnagain@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/nnagain >