From owner-freebsd-security@freebsd.org Thu Nov 12 00:32:08 2015
Date: Wed, 11 Nov 2015 19:32:07 -0500
From: Robert Simmons <rsimmons0@gmail.com>
To: freebsd-security@freebsd.org
Subject: Re: OpenSSH HPN
References: <86io5a9ome.fsf@desk.des.no> <20151110175216.GN65715@funkthat.com> <56428C84.8050600@FreeBSD.org> <20151111014102.GQ65715@funkthat.com>
Content-Type: text/plain; charset=UTF-8
List-Id: "Security issues [members-only posting]"

Oh, just the opposite of what you're claiming. Did you even read the
article about the BeyondCorp project? It is 100% about thinking very hard
about trust and making sure that the trust model used doesn't depend on
the concept of internal/external network.

Also, the type of thinking where two or more machines are connected
directly or are on their own separate network is what lands you in a
situation like BACnet. Now you have a pentester with a vampire tap in the
basement lobby sniffing your unencrypted traffic on your "trusted" BACnet.

On Wed, Nov 11, 2015 at 6:47 PM, Leif Pedersen wrote:
> On Wed, Nov 11, 2015 at 4:29 PM, Robert Simmons wrote:
>
>> I don't think there is such a thing as a trusted network. That is a
>> unicorn these days.
>>
>> No networks should be considered trusted.
>>
>
> Oh, baloney. That's just a clever way to say you want to stop thinking
> about trust.
>
> If I've connected two machines directly, that network is more
> trustworthy than any encryption. This is not rare, but typical for
> system recovery, which is where nc and ssh with the none cipher are
> highly useful.
>
> It's also not a bridge too far to claim a network is trusted when it
> has 1000 computers on a special-purpose processing network with access
> only allowed by the admins that built it, and perhaps an API. In those
> networks, the nodes work together like storage and CPUs work together
> in a single computer. The only difference is that SATA disks and x86
> CPUs are replaced by general-purpose computers running Cassandra and
> Nginx, connected by ethernet, so that you can connect thousands
> together instead of dozens. Do you always insist on encryption on your
> SATA cables and memory buses?
>
> That sort of special-purpose network is not rare either; rather, it's
> typical for internet services where the load is beyond what a single
> machine can handle, or clusters that run models that are too large for
> a single machine.
>
> Trustworthy networks do exist. They just aren't the same networks as
> 20 years ago.
>
> --
>
> As implied by email protocols, the information in this message is not
> confidential. Any middle-man or recipient may inspect, modify, copy,
> forward, reply to, delete, or filter email for any purpose unless said
> parties are otherwise obligated. As the sender, I acknowledge that I
> have a lower expectation of the control and privacy of this message
> than I would a post-card. Further, nothing in this message is legally
> binding without cryptographic evidence of its integrity.
>
> http://bilbo.hobbiton.org/wiki/Eat_My_Sig