Are we talking about the one that modelled after the label from CMU (they showed some prototypes, there would be about 10-15 pieces of information on the label followed by a QR code to get the rest), here's a link - and the concerns I have apply to this: https://news.pantheon.cmu.edu/stories/archives/2023/july/cylab-presents-at-white-houses-launch-of-new-iot-cybersecurity-labeling-system https://www.securityindustry.org/2023/09/12/the-fccs-u-s-cyber-trust-mark-proposal-what-it-means-for-the-security-industry/ On Wed, Oct 11, 2023 at 2:06 PM Dave Taht wrote: > I think y'all are conflating two different labels here. The nutrition > label was one effort, now being deploye, the other is cybersecurity, > now being discussed. > > On the nutrition front... > We successfully fought against "packet loss" being included on the > nutrition label, but as ghu is my witness, I have no idea if a formal > method for declaring "typical latency" was ever formally derived. > > > https://www.fcc.gov/document/fcc-requires-broadband-providers-display-labels-help-consumers > > On Wed, Oct 11, 2023 at 10:39 AM David Bray, PhD via Nnagain > wrote: > > > > I was at a closed-door event discussing these labels about two weeks ago > (right before the potential government shutdown/temporarily averted for > now) - and it was non-attribution, so I can only describe my comments: > > > > (1) the labels risk missing the reality that the Internet and > cybersecurity are not steady state, which begs the question how will they > be updated > > (2) the labels say nothing about how - even if the company promises to > keep your data private and secure - how good their security practices are > internal to the company? Or what if the company is bought in 5 years? > > (3) they use QR-codes to provide additional info, yet we know QR-codes > can be sent to bad links so what if someone replaces a label with a bad > link such that the label itself becomes an exploit? > > > > I think the biggest risks is these we be rolled out, some exploit will > occur that the label didn't consider, consumers will be angry they weren't > "protected" and now we are even in worse shape because the public's trust > has gone further down hill, they angry at the government, and the private > sector feels like the time and energy they spent on the labels was for > naught? > > > > There's also the concern about how do startups roll-out such a label for > their tech in the early iteration phase? How do they afford to do the extra > work for the label vs. a big company (does this become a regulatory moat?) > > > > And let's say we have these labels. Will only consumers with the money > to purchase the more expensive equipment that has more privacy and security > features buy that one - leaving those who cannot afford privacy and > security bad alternatives? > > > > On Wed, Oct 11, 2023 at 1:31 PM Jack Haverty via Nnagain < > nnagain@lists.bufferbloat.net> wrote: > >> > >> A few days ago I made some comments about the idea of "educating" the > >> lawyers, politicians, and other smart, but not necessarily technically > >> adept, decision makers. Today I saw a news story about a recent FCC > >> action, to mandate "nutrition labels" on Internet services offered by > ISPs: > >> > >> > https://cordcuttersnews.com/fcc-says-comcast-spectrum-att-must-start-displaying-the-true-cost-and-speed-of-their-internet-service-starting-april-2024/ > >> > >> This struck me as anecdotal, but a good example of the need for > >> education. Although it's tempting and natural to look at existing > >> infrastructures as models for regulating a new one, IMHO the Internet > >> does not work like the Food/Agriculture infrastructure does. > >> > >> For example, the new mandates require ISPs to "label" their products > >> with "nutritional" data including "typical" latency, upload, and > >> download speeds. They have until April 2024 to figure it out. I've > >> never encountered an ISP who could answer such questions - even the ones > >> I was involved in managing. Marketing can of course create an answer, > >> since "typical" is such a vague term. Figuring out how to attach the > >> physical label to their service product may be a problem. > >> > >> Such labels may not be very helpful to the end user struggling to find > >> an ISP that delivers the service needed for some interactive use (audio > >> or video conferencing, gaming, home automation, etc.) > >> > >> Performance on the Internet depends on where the two endpoints are, the > >> physical path to get from one to the other, as well as the hardware, > >> software, current load, and other aspects of each endpoint, all outside > >> the ISPs' control or vision. Since the two endpoints can be on > >> different ISPs, perhaps requiring one or more additional internediate > >> ISPs, specifying a "typical" performance from all Points A to all Points > >> B is even more challenging. > >> > >> Switching to the transportation analogy, one might ask your local bus or > >> rail company what their typical time is to get from one city to > >> another. If the two cities involved happen to be on their rail or bus > >> network, perhaps you can get an answer, but it will still depend on > >> where the two endpoints are. If one or both cities are not on their > >> rail network, the travel time might have to include use of other > >> "networks" - bus, rental car, airplane, ship, etc. How long does it > >> typically take for you to get from any city on the planet to any other > >> city on the planet? > >> > >> IMHO, rules and regulations for the Internet need to reflect how the > >> Internet actually works. That's why I suggested a focus on education > >> for the decision makers. > >> > >> Jack Haverty > >> > >> _______________________________________________ > >> Nnagain mailing list > >> Nnagain@lists.bufferbloat.net > >> https://lists.bufferbloat.net/listinfo/nnagain > > > > _______________________________________________ > > Nnagain mailing list > > Nnagain@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/nnagain > > > > -- > Oct 30: > https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html > Dave Täht CSO, LibreQos >