On Tue, Mar 16, 2021 at 1:04 PM Michael Davidsaver via Core-talk
<core-talk at aps.anl.gov> wrote:
>
> Personally, I see IPv6 as one of several "modernization" requirements
> which seem likely drop at some point within say 5 years.
>
> The biggest one being something along the lines of "all network services
> must employ strong authentication and encryption". I expect that the
> continuing drumbeat of headlines about PLC security problems will at
> some point spill over into the EPICS world in a way which makes arguing
> for exemptions untenable.
>
> Our community can either be proactive, or wait to be surprised.
>
Cherry-picking here, but I'm working both of these fronts from the
RTEMS side of things. Our network stack modernization _should_ help
bridge the gap with libbsd on higher-end boards and lwIP as the backup
plan for resource-constrained devices. Since RTEMS is most likely the
low water mark for the features and security mechanisms, hopefully our
efforts can help keep EPICS afloat (#dadjokes #sorrynotsorry) on
open-source.
We also will be exploring transport and application security solutions
including SSL and lightweight SSH (or telnet/SSL at the worst) ports.
I'm happy to entertain any inputs on other desired secure
communication services. I have about 1 more year of funding left to
push on improving the infrastructure security, and happy to
collaborate on current or future efforts of mutual interest.
>
> On 3/16/21 11:33 AM, Johnson, Andrew N. via Core-talk wrote:
> > On Mar 16, 2021, at 4:32 AM, Ben Franksen <benjamin.franksen at helmholtz-berlin.de> wrote:
> >>
> >> Am 16.03.21 um 09:44 schrieb Zimoch Dirk (PSI) via Core-talk:
> >>> On Fri, 2021-03-12 at 03:34 +0000, Johnson, Andrew N. via Core-talk wrote:
> >>>> https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf
> >>>>
> >>>> - Andrew
> >>>>
> >>>
> >>> TL;DR
> >>> Do we have a problem?
> >>
> >> I may be wrong, but AFAIU only facilities in the US have a problem. They
> >> need to convince their over-bosses that they get an exception.
> >
> > Sorry, but if we don’t consider how we can add support for IPv6 soon EPICS will probably no longer be eligible for use by the kinds of large experimental facilities that have funded its development to date, and it will die. I’m not saying it’s urgent, but we should start to plan for it.
> >
> > That OMB memo was signed by the previous US administration, but I’m pretty sure it wasn’t developed by their political appointees, and IMHO hoping that the new administration will rescind it would be a mistake. Existing DOE facilities will almost certainly be getting exemptions of some kind, but EPICS doesn’t have a monopoly in this field and if we don’t support it many future Government-funded projects will have to find an alternative since IPv6-only networking will most likely become a non-negotiable requirement at some point. This isn’t likely to be unique to the US either.
> >
> > IPv6 use has been growing and many cellphone networks now depend on it (that DJB article which Ben found has a last-modified date of August 2003). There’s a page with links to several adoption statistics websites at
> > https://www.internetsociety.org/deploy360/ipv6/statistics/
> >
> > I’m hoping that we’ll be able to get some DOE funding to actually do the porting work. Given the number of DOE facilities that use EPICS it seemed reasonable to suggest that, which I have done to the team that is planning the DOE’s response to that memo.
> >
> > - Andrew
> >
>
- References:
- IPv6 Johnson, Andrew N. via Core-talk
- Re: IPv6 Zimoch Dirk (PSI) via Core-talk
- Re: IPv6 Ben Franksen via Core-talk
- Re: IPv6 Johnson, Andrew N. via Core-talk
- Re: IPv6 Michael Davidsaver via Core-talk
- Navigate by Date:
- Prev:
epics-pva2pva-linux32 - Build # 219 - Fixed! APS Jenkins via Core-talk
- Next:
Build failed: pva2pva 1.0.26 AppVeyor via Core-talk
- Index:
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
<2021>
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: IPv6 Timo Korhonen via Core-talk
- Next:
Re: IPv6 Jeong Han Lee via Core-talk
- Index:
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
<2021>
2022
2023
2024
|