Mark,

On Oct 15, 2010, at 11:48 AM, Mark Smith wrote:
> So it won't be possible for the ISP to provide a
> managed CPE service, because they don't control and can't be in control
> of when the firmware is released to the CPE customers.

I'd think that recommending having an option that disables unattended automatic update would address this concern. Managed service providers, since they'd be controlling the CPE, could go in and disable unattended automatic updates (if they so desire).

> If the draft is going to persist with specifying that firmware is
> automatically distributed and installed, then it is also going to have
> to specify mechanisms as to how ISPs are going to put inline with this
> process, between the vendor and the CPE, so they're going to be able to
> prevent automatic upgrades occurring at times when it is inconvenient to
> customers.

Not really.

> o would you be happy that your Internet attached TV's firmware is

Sort of like my TiVo updating itself?

> o would you be happy that your (eventual) Internet attached ECU's
[...]
> o would you be happy that your Internet attached plane's firmware is

Presumably, vendors would figure out how to do upgrades with minimal risk if they decided to follow the IETF recommendations, e.g., the ECU can easily tell when the car isn't running (or even occupied) and a plane's systems can easily determine whether the engines are running (or whatever). Posing reductio ad absurdum scenarios probably isn't really helping the discussion.

> I certainly understand the issue of CPE firmware not being upgraded
> regularly.

According to recent data out of DNS-OARC, there are between 160,000 and 320,000 name servers on the Internet still running BIND version 4 -- a name server that has been deprecated by ISC now for almost a decade. People generally do not interact with CPE devices outside of perhaps initial installation/configuration. They might cycle the power once in a while, but otherwise it is a black box. These unattended devices have proven to be a target for various forms of attacks. I believe we should learn from past (and current) experiences and make recommendations that address those experiences.

Assuming that folks are going to become more conscientious about installing updates hasn't really worked in the past; I'm unsure why it will work in the future.

Regards,
-drc

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------