osed data retention law WAS Republicans propose data retention laws etc REPOST!!!!!!

[David Farber <dave () farber net>]

Begin forwarded message:

From: Jim Thompson <jim () netgate com>
Date: February 23, 2009 7:16:42 AM EST
To: David Farber <dave () farber net>, "Steven M. Bellovin" <smb () cs columbia edu 
>, Tom Goltz <tgoltz () QuietSoftware com>
Subject: Re: [IP] Re:   osed data retention law  WAS   Republicans  
propose data retention laws etc


Note that the government could require an 802.1x/WEP  or WPA compliant  
authentication (which could be done semi-anonymously), punting the log  
to a machine in a much more stable location.   Most of the half-decent  
wireless routers on the market today (including the WRT54 series) will  
perform enough 802.1x and RADIUS to allow sufficient logs to be kept  
to comply with the legal requirements of this (not yet a) law.

Configuring these is another matter, but in the current "spend like  
its water" environment, the ILECs and MSOs (and yes, even the ISPs  
like Brett) could be given "a few" dollars per subscriber to re- 
configure the world.

I'm not saying I'm in-favor of the idea, or the law.  I *AM* stating  
that Mr. Goltz (*) is wrong, and that those who espouse that DHCP logs  
are (or were, or even are not) the answer are looking "too far down  
the stack".  Its got nothing to do with
the write-performance of the flash.

There are some edge cases, such as what to do if a STA connects  
somehow during the window when the Internet connection is "down".    
One could always require "forced re-authentication" once the net is  
back up, I suppose.

(I've spent many years doing embedded work too.  I was running an  
embedded "open source" 802.11 platform before many thought it  
possible.  (Musenki))

Jim

On 23 févr. 09, at 02:00, David Farber wrote:

> Begin forwarded message:
>
> From: Tom Goltz <tgoltz () QuietSoftware com>
> Date: February 22, 2009 8:12:37 PM EST
> To: "Steven M. Bellovin" <smb () cs columbia edu>
> Cc: dave () farber net, "ip" <ip () v2 listbox com>
> Subject: Re: [IP] osed data retention law  WAS   Republicans propose  
> data retention laws etc
>
> At 02:17 PM 2/22/2009, David Farber wrote:
> > Given that they already have flash for configuration data and  
> > firmware
> > updates, and given how ubiquitous and large flash chips are, I'm not
> > sure that that argument is very defensible, especially going forward.
> > Remember that the goal is to log DHCP lease assignments, not full
> > traffic or email logs.  At least, that's the goal for now...
>
> Speaking as an embedded systems firmware developer for over fifteen  
> years, with considerable experience working with flash devices, I  
> very much doubt it will be easy to retrofit the majority of the  
> consumer market WiFi routers to internally log 2 years worth of DHCP  
> assignments.  Taking for example the highly popular Cisco/Linksys  
> WRT54G: it originally had 4mb of flash, but the latest hardware runs  
> smaller-footprint firmware and only has 2mb, and the "compact"  
> version has as little as 1mb of flash.  These devices ALL have a  
> single flash chip.
>
> Generally speaking, the smaller the flash, the larger a percentage  
> of it will be used by the device firmware, and as the vendors have  
> sought to cost-reduce their designs in a fiercely competitive  
> market, the unused flash space approaches zero.
>
> Additional headaches include the fact that few flash chips can be  
> read while they are being written, so logging to a flash chip would  
> prohibit directly executing firmware from that same flash component  
> at the same time.
>
> The cheaper flash parts tend to have limited write-cycle durability,  
> only being able to erase and write a given area around 10k cycles  
> before it wears out.  Not a big deal for something that might update  
> it's firmware and configuration a few hundred times in it's normal  
> lifetime, but a real concern for data logging.
>
> Even assuming you could somehow fit a logging facility into the  
> hardware constraints, and Cisco could go back and release firmware  
> updates for the 50+ different versions of the WRT54G alone, the  
> majority of these devices are in the hands of owners who have no  
> concept of "firmware" and how to update it.
>
> The implementation of this data retention requirement would have to  
> mandate the replacement of every single WiFi Router in the country,  
> and possibly ban the use of open-source firmware.
>
> Take a look at the Wikipedia page on the Linksys WRT54G router: http://en.wikipedia.org/wiki/Linksys_WRT54G_series 
>  and you'll begin to get a feel for just how improbable a task this  
> logging requirement would be.
>
>
>
>
>
>
> -------------------------------------------
> Archives: https://www.listbox.com/member/archive/247/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com