[Wien] Fwd: [IP] Global Internet Experts Reveal Plan for More Secure, Reliable Wi-Fi Routers - and Internet Letter to FCC Requests Mandates for Securing and Updating Wi-Fi Devices

L. Aaron Kaplan (spam-protected)
Thu Oct 15 15:56:02 CEST 2015


FYI


> -------- Forwarded Message --------
> Subject: [IP] Global Internet Experts Reveal Plan for More Secure,
> Reliable Wi-Fi Routers - and Internet Letter to FCC Requests Mandates
> for Securing and Updating Wi-Fi Devices
> Date: Wed, 14 Oct 2015 08:51:43 -0400
> 
> 
> Global Internet Experts Reveal Plan for More Secure, Reliable Wi-Fi
> Routers - and Internet
> Letter to FCC Requests Mandates for Securing and Updating Wi-Fi Devices
> 
> October 14, 2015 06:00 AM Eastern Daylight Time
> 
> WASHINGTON--(BUSINESS WIRE)--In a letter submitted to the Federal
> Communications Commission (FCC), Dave Täht, co-founder of the
> Bufferbloat Project, and Dr. Vinton Cerf, co-inventor of the Internet,
> along with more than 260 other global network and cybersecurity experts,
> responded to the newly proposed FCC rules laid out in ET Docket No.
> 15-170 for RF Devices such as Wi-Fi routers by unveiling a new approach
> to improve the security of these devices and ensure a faster, better,
> and more secure Internet.
> 
> The letter was filed during the agency’s public comment period on this
> issue.
> 
> Dave Farber, former Chief Technologist of the FCC, supports the new
> approach, stating, “Today there are hundreds of millions of Wi-Fi
> routers in homes and offices around the globe with severe software flaws
> that can be easily exploited by criminals. While we agree with the FCC
> that the rules governing these devices must be updated, we believe the
> proposed rules laid out by the agency lack critical accountability for
> the device manufacturers.”
> 
> “We can't afford to let any part of the Internet's infrastructure rot in
> place. We made this proposal because the wireless spectrum must not only
> be allocated responsibly, but also used responsibly. By requiring a bare
> minimum of openness in the technology at the edge of the Internet, we'll
> ensure that any mistakes or cheating are caught early and fixed fast,”
> said Dr. Vint Cerf, a co-inventor of the Internet and also Senior Vice
> President and Chief Internet Evangelist at Google.
> 
> To improve accountability significantly while keeping the original
> intent of the regulation, the signatories, who also included Dr. Paul
> Vixie, Dr. Sascha Meinrath, Dr. Nick Feamster, Jim Gettys, Dr. David P.
> Reed, Dr. Andreas Petlund, Jeff Osborn, and other well-known industry
> experts, recommend the FCC mandate the following actions:
> 
> 1. Any vendor of software-defined radio (SDR), wireless, or Wi-Fi radio
> must make public the full and maintained source code for the device
> driver and radio firmware in order to maintain FCC compliance. The
> source code should be in a buildable, change-controlled source code
> repository on the Internet, available for review and improvement by all.
> 
> 2. The vendor must assure that secure update of firmware be working at
> time of shipment, and that update streams be under ultimate control of
> the owner of the equipment. Problems with compliance can then be fixed
> going forward by the person legally responsible for the router being in
> compliance.
> 
> 3. The vendor must supply a continuous stream of source and binary
> updates that must respond to regulatory transgressions and Common
> Vulnerability and Exposure reports (CVEs) within 45 days of disclosure,
> for the warranted lifetime of the product, or until five years after the
> last customer shipment, whichever is longer.
> 
> 4. Failure to comply with these regulations should result in FCC
> decertification of the existing product and, in severe cases, bar new
> products from that vendor from being considered for certification.
> 
> 5. Additionally, we ask the FCC to review and rescind any rules for
> anything that conflicts with open source best practices, produce
> unmaintainable hardware, or cause vendors to believe they must only ship
> undocumented “binary blobs” of compiled code or use lockdown mechanisms
> that forbid user patching. This is an ongoing problem for the Internet
> community committed to best practice change control and error correction
> on safety-critical systems.
> 
> 
> “Our fight for a free and open Internet began long before the invention
> and wide use of Wi-Fi home routers, whose manufacturers chose to base on
> open software. We are at an important inflection point in the history of
> the Internet. The FCC has an opportunity to take positive action that
> will increase the security and performance not only of these devices,
> but also influence how manufacturers develop secure Internet of Things
> while preserving an open Internet,” said Jim Gettys, Chairman,
> Bufferbloat Project.
> 
> “Networking research and innovation fundamentally depend on the ability
> to modify firmware on CPE and deploy it in real-world settings in home
> networks,” said Dr. Nick Feamster, Acting Director of Center for
> Information Technology Policy at Princeton University.
> 
> “The Internet is now effectively a battleground with end-users, our
> employers, our schools and our vendors on one side, and organized crime
> and nation-states on the other side. Our home gateways are often
> repurposed by our adversaries into weapons against us because these
> small, cheap plastic boxes are unpatchable, abandoned by their makers,
> and completely opaque. These devices are currently the Internet's public
> enemy #1. The plan proposed would significantly decontaminate our
> technology supply chain,” said Dr. Paul Vixie, CEO of Farsight Security,
> Inc.
> 
> “The recommendations in this document would go a long way toward
> ensuring the existence of a highly performant, secure, and
> regulation-compliant Internet far into the future,” said Jonathan
> Corbet, Executive Editor, LWN.net <http://lwn.net/>.
> 
> “As the recent revelations about the ‘Moon Worm,’ ‘DNSchanger,’ and
> ‘Misfortune Cookie’ and now the Volkswagen scandal illustrate, secret,
> locked-down firmware represents a clear and present danger to the
> security of the Internet,” said Ted Lemon, recent Area Director at the IETF.
> 
> “If we raise the bar for firmware code quality, maintenance, and
> upgrades, we can finish beating bufferbloat, especially on Wi-Fi, deploy
> IPv6 faster, improve security, and build a vastly better Internet, for
> everybody,” said Dave Täht, Architect, CeroWrt, co-founder, Bufferbloat
> Project.
> 
> If you care about this important issue and agree with our approach,
> please contact your local Congressional representative and share our
> letter with them. For media interview requests or other inquiries,
> please contact (spam-protected)
> 
> About the Bufferbloat Project
> 
> The Bufferbloat Project is an international coalition of individuals,
> many who were instrumental in the development of the Internet, and
> several with Wi-Fi, deeply concerned about the future health, speed, and
> safety of the edge of the Internet. In operation for 5 years, and
> working primarily on third-party firmware, it has pioneered new
> algorithms, boosted safety and security, helped develop new standards,
> and worked to make as much of this new theory and code available as
> possible for all to use. For more information, please visit
> http://www.bufferbloat.net.
> 
