[WLANnews] Fwd: [IP] Global Internet Experts Reveal Plan for More Secure, Reliable Wi-Fi Routers - and Internet Letter to FCC Requests Mandates for Securing and Updating Wi-Fi Devices

Do Okt 15 09:52:46 CEST 2015

FYI

-------- Forwarded Message --------
Subject: [IP] Global Internet Experts Reveal Plan for More Secure,
Reliable Wi-Fi Routers - and Internet Letter to FCC Requests Mandates
for Securing and Updating Wi-Fi Devices
Date: Wed, 14 Oct 2015 08:51:43 -0400

Global Internet Experts Reveal Plan for More Secure, Reliable Wi-Fi
Routers - and Internet
Letter to FCC Requests Mandates for Securing and Updating Wi-Fi Devices

October 14, 2015 06:00 AM Eastern Daylight Time

WASHINGTON--(BUSINESS WIRE)--In a letter submitted to the Federal
Communications Commission (FCC), Dave Täht, co-founder of the
Bufferbloat Project, and Dr. Vinton Cerf, co-inventor of the Internet,
along with more than 260 other global network and cybersecurity experts,
responded to the newly proposed FCC rules laid out in ET Docket No.
15-170 for RF Devices such as Wi-Fi routers by unveiling a new approach
to improve the security of these devices and ensure a faster, better,
and more secure Internet.

“The recommendations in this document would go a long way toward
ensuring the existence of a highly performant, secure, and
regulation-compliant Internet far into the future”

The letter was filed during the agency’s public comment period on this
issue.

Dave Farber, former Chief Technologist of the FCC, supports the new
approach, stating, “Today there are hundreds of millions of Wi-Fi
routers in homes and offices around the globe with severe software flaws
that can be easily exploited by criminals. While we agree with the FCC
that the rules governing these devices must be updated, we believe the
proposed rules laid out by the agency lack critical accountability for
the device manufacturers.”

“We can't afford to let any part of the Internet's infrastructure rot in
place. We made this proposal because the wireless spectrum must not only
be allocated responsibly, but also used responsibly. By requiring a bare
minimum of openness in the technology at the edge of the Internet, we'll
ensure that any mistakes or cheating are caught early and fixed fast,”
said Dr. Vint Cerf, a co-inventor of the Internet and also Senior Vice
President and Chief Internet Evangelist at Google.

To improve accountability significantly while keeping the original
intent of the regulation, the signatories, who also included Dr. Paul
Vixie, Dr. Sascha Meinrath, Dr. Nick Feamster, Jim Gettys, Dr. David P.
Reed, Dr. Andreas Petlund, Jeff Osborn, and other well-known industry
experts, recommend the FCC mandate the following actions:

1. Any vendor of software-defined radio (SDR), wireless, or Wi-Fi radio
must make public the full and maintained source code for the device
driver and radio firmware in order to maintain FCC compliance. The
source code should be in a buildable, change-controlled source code
repository on the Internet, available for review and improvement by all.

2. The vendor must assure that secure update of firmware be working at
time of shipment, and that update streams be under ultimate control of
the owner of the equipment. Problems with compliance can then be fixed
going forward by the person legally responsible for the router being in
compliance.

3. The vendor must supply a continuous stream of source and binary
updates that must respond to regulatory transgressions and Common
Vulnerability and Exposure reports (CVEs) within 45 days of disclosure,
for the warranted lifetime of the product, or until five years after the
last customer shipment, whichever is longer.

4. Failure to comply with these regulations should result in FCC
decertification of the existing product and, in severe cases, bar new
products from that vendor from being considered for certification.

5. Additionally, we ask the FCC to review and rescind any rules for
anything that conflicts with open source best practices, produce
unmaintainable hardware, or cause vendors to believe they must only ship
undocumented “binary blobs” of compiled code or use lockdown mechanisms
that forbid user patching. This is an ongoing problem for the Internet
community committed to best practice change control and error correction
on safety-critical systems.

“Our fight for a free and open Internet began long before the invention
and wide use of Wi-Fi home routers, whose manufacturers chose to base on
open software. We are at an important inflection point in the history of
the Internet. The FCC has an opportunity to take positive action that
will increase the security and performance not only of these devices,
but also influence how manufacturers develop secure Internet of Things
while preserving an open Internet,” said Jim Gettys, Chairman,
Bufferbloat Project.

“Networking research and innovation fundamentally depend on the ability
to modify firmware on CPE and deploy it in real-world settings in home
networks,” said Dr. Nick Feamster, Acting Director of Center for
Information Technology Policy at Princeton University.

"The Internet is now effectively a battleground with end-users, our
employers, our schools and our vendors on one side, and organized crime
and nation-states on the other side. Our home gateways are often
repurposed by our adversaries into weapons against us because these
small, cheap plastic boxes are unpatchable, abandoned by their makers,
and completely opaque. These devices are currently the Internet's public
enemy #1. The plan proposed would significantly decontaminate our
technology supply chain,” said Dr. Paul Vixie, CEO of Farsight Security,
Inc.

“The recommendations in this document would go a long way toward
ensuring the existence of a highly performant, secure, and
regulation-compliant Internet far into the future,” said Jonathan
Corbet, Executive Editor, LWN.net.

“As the recent revelations about the ‘Moon Worm,’ ‘DNSchanger,’ and
‘Misfortune Cookie’ and now the Volkswagen scandal illustrate, secret,
locked-down firmware represents a clear and present danger to the
security of the Internet,” said Ted Lemon, recent Area Director at the IETF.

“If we raise the bar for firmware code quality, maintenance, and
upgrades, we can finish beating bufferbloat, especially on Wi-Fi, deploy
IPv6 faster, improve security, and build a vastly better Internet, for
everybody,” said Dave Täht, Architect, CeroWrt, co-founder, Bufferbloat
Project.

If you care about this important issue and agree with our approach,
please contact your local Congressional representative and share our
letter with them. For media interview requests or other inquiries,
please contact media at bufferbloat.net.

About the Bufferbloat Project

The Bufferbloat Project is an international coalition of individuals,
many who were instrumental in the development of the Internet, and
several with Wi-Fi, deeply concerned about the future health, speed, and
safety of the edge of the Internet. In operation for 5 years, and
working primarily on third-party firmware, it has pioneered new
algorithms, boosted safety and security, helped develop new standards,
and worked to make as much of this new theory and code available as
possible for all to use. For more information, please visit
http://www.bufferbloat.net.

-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/1046269-40d7dcf7
Modify Your Subscription:
https://www.listbox.com/member/?member_id=1046269&id_secret=1046269-fa3d6698
Unsubscribe Now:
https://www.listbox.com/unsubscribe/?member_id=1046269&id_secret=1046269-81d3a774&post_id=20151014085158:556E0782-7272-11E5-B00D-B10D5BA8988E
Powered by Listbox: http://www.listbox.com

-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <http://lists.freifunk.net/pipermail/wlannews-freifunk.net/attachments/20151015/ad5b27b6/attachment.html>