Interesting People mailing list archives
lets read the spec Verizon "Broadband Router"
From: David Farber <dave () farber net>
Date: Fri, 30 Jun 2006 08:36:27 -0400
Begin forwarded message:

From: Bill Stewart <bill.stewart () pobox com>
Date: June 29, 2006 8:54:30 PM EDT
To: dave () farber net
Cc: "David P. Reed" <dpreed () reed com>, dewayne-net () warpspeed com
Subject: Re: more on Verizon "Broadband Router" the perfect Trojan Horse

David Reed fundamentally misreads the TR-069 standards document. As far as I can tell, while it's written with the usual clarity of a telecom standard designed by a committee with multiple goals, it is *not* a design in which
- the user wants to read arbitrary web sites using a browser
- the router watches all the IP packets, deeply inspecting the protocols wrapped inside the HTTP or HTTPS layer inside the TCP layer inside the IP layer and redirects packets directed to some sites
- the ACS control system tells the router what to redirect.

In fact it appears to be a design in which
- the user wants to change features of their network service, or get their router fixed if it's broken, etc.
- browsers are the tool that everybody uses to talk to users (for instance, my home wireless and wired routers both use browsers as their interface)
- some of the changes require communicating with the router to set parameters, reboot the router, etc.
- some of the communications can be done by the ACS control system, but some of them can only be done from the user's LAN, either for security reasons or because something's wrong with the router or whatever.
- the user can browse to the ISP's web site, give the service provider information (upgrade requests, account numbers, etc.), get information such as activation codes or firmware URLs,
- the web site can redirect the user's browser to send that information to the router, which can do something direct or connect to the ACS for more instructions, etc.

In fact the whole Network Neutrality debate is filled with people who don't understand the technology (including people who should, and people on multiple sides of the debate) extrapolating terrifying possible outcomes of various things, ranging from Censorship by the Telco/NSA/Disney/Bush cabal to the Death of Consumer Service Innovation Strangled at Birth by the Red Tape of Astroturf-Driven Regulation.

If an ISP _wanted_ to control user web-browsing behavior, it'd be much simpler and more cost-effective to do it centrally, using DNS servers, transparent proxy and caching equipment, PPPoE tunnels, and similar tools. There are ISPs who do some of this, not for nefarious purposes, but typically to quarantine virus-infected users and zombies so that they can only access virus-cleanup sites, or else to redirect users who haven't paid their bills to the ISP's online billing site.

Bill Stewart

Disclaimer: As usual, this message is entirely not intended to speak for my employers, current or past, and it's also not intended to speak for the TR-069 standards committee.