> For the last 10 to 15 years the ISP-provided home router has come to > dominate the market, with the belief by the ISPs that this is a MUST that they > control the device. Many (but not all) at the IETF do not share this view, > but > most non-technical users see the ISP provided router is simply saving the trip > to > BestBuy, rather than an abdication of control over their home. If this > trend continues, then I believe that ISPs (residential IAPs) will come to want > to control all IoT devices in the home -- because security -- telling > residential > customers what they can and not connect.
Just to be clear, the main reasons most ISPs require use of the ISP CE router at the edge of mass market customer networks is because: 1. Providing instructions for installation and setup becomes easier, as well as ensuring the installation process is as trouble-free and easy as possible. 2. Improved but simplified security between the CE router and the access network 3. Cost of help desk support is greatly reduced because help desk personnel only have to know how to guide customers through one GUI, and the help desk can get permission from the customer (when on a call with the customer) to directly manage the router if the customer prefers that approach. The cost of supporting a customer under a bring-your-own-random-CE-router model is considerably higher than the cost of supporting a customer in an ISP-managed/specified/provided-CE-router model. None of which prevents anyone from putting their own router between the ISP CE router and their home network. That's what I do. The ISP doesn't control my home network and there's no requirement from the ISP that they control my home network. I have not abdicated control of my home network to my ISP. Home automation services may be offered by an ISP, but I'm not aware of any case in the US (or Europe) where someone who wants home automation / security is required to get it from their ISP or where the ISP has to give permission for someone else (or for the homeowner) to operate such a service. I don't know the rest of the world. Can we please avoid making these rather insulting and inflammatory claims without evidence? If there's evidence, please provide it. If the evidence indicates the practice is localized (to a single ISP, country, or geography), please note that when providing evidence. Broad claims that an entire IETF-stakeholder group is evil and trying to control everything are not nice. > I believe that this direction will result in ISPs being 100% liable for > attacks on > critical infrastructure; I don't think that this is a place that ISPs want to > be, but > I'm not sure that they have understood this yet. I don't know about other ISPs, but I do know my employer takes network security very seriously. And access network security (including preventing theft of a customer's access service) is one of the reasons I mentioned for providing customers with an ISP-provided CE router. > It's clearly not in > Amazon/Google/Facebook/Intel/Samsung/insert-another-IoT- > conglomerate's > interest to be told by ISPs what their products may or may not do. > This is an ongoing tussle that that relates in some ways (but not all) to the > net > neutrality debate and the desire my ISPs for a cut of the over-top-pie. > My answer is that the consumer should be in control, and that ISPs need to > get out of the home router business entirely. Home router vendors (or the > service companies they create) should provide first-level support for issues, > and actual real connectivity issues should be submitted electronically. Not > so > different in the way that my furnace maintenance is not provided by my gas > supplier, but my gas supplier gets to inspect the hookup. No ISP in the US is in a position to tell these companies what they can or can't do in a device connected to a customer's network. I can't speak for other regions. There is no evidence that all ISP routers provided by all ISPs in every corner of the world prevent all of their customers from being in complete control of the home network. I remain in complete control of my home network and the devices connected to it, independent of the fact that my home network edge router is connected through an ISP CE router. Therefore, I know this claim is false in my case. In any case, I think this comment is well outside the realm of the homenet charter. <I'm getting really tired of being regularly insulted with unsubstantiated claims. So I'm starting to fight back.> Barbara > When we started this effort we heard of real situations such as Fred's > original > FUN BOF slides on how dual-geek households are forced not to share > printers due to corporate home firewall requirements. And that we should > expect the situation to get worse. Those slides are close to ten years old. > I'd like to know if they are still at relevant. Maybe they aren't. > If not, why not? > > -- > Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet