
On Sun, Jan 3, 2021 at 12:01 AM Mark Foster <blakjak@blakjak.net> wrote:
And I don't see that opening up a UDP port on every end-user device to receive some sort of broadcast (unicast?) is going to be great security. ...
Yeah: This is probably best done by either requiring the streaming services to know where their customers' location is and relay a copy of any pertinent data to end users through their applications or to web browsers through headers, or by having native software included with the OS on internet-connected devices to query a region-specific URL at a regular interval. This is much fewer packets if the data can be transferred over the headers of HTTPS connections which applications on end devices already make to various websites.

The UDP port method is inefficient, at least if it is to meet the requirements that would seem reasonable for emergency alert distribution on streaming devices (much the same as for other media...).

1. There should never be extra steps from an end user to "activate" emergency alerts - except steps which the device enforces must be done, before any content can be played. Notions such as computer users choosing to subscribe to IPAWS fail, at least, until some mechanism enforces that they do so.

2. If the device is able to view content, then emergency alerts must be working. The function to play alerts should not be able to be disabled and should resist tampering. If either an alert has been received, or emergency alerts would not be able to be received, then the normal play of content must be interrupted - the ability to access content should be disabled and be not allowed by the device's application or operating system until after it can be confirmed that all alerts have been fully played, or the error has been corrected.

Problem is that UDP packets to X port could be easily intercepted and dropped by devices such as firewalls. Merely broadcasting the UDP port during an alert would not be enough, then; it would call for a regular broadcast to this port by every ISP to every user every few minutes, even when there are no alerts to relay. That would seem to be necessary for devices to be able to verify that alerts would be working and are not being tampered or interfered with.

Devices would need to be designed to verify the latest UDP broadcast has been received and Self-Disable with an error message if too much time has passed with no update packet on that port; some type of crypto system would also be needed to verify that messages are authentic, and have not been forged, replayed, or altered.

The regular UDP broadcast could not be only during an emergency, then; it would need to be every few minutes, otherwise the devices would have no way of ensuring their ability to receive alerts - that's a massive number of UDP messages to consider.

--
-JH
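
The device-side checks described in the message above (regular heartbeat, authenticity, replay rejection, self-disable after too long a silence), as an added example that is not part of the original email. The packet layout, the 600-second limit and every name are assumptions, and HMAC with a shared key stands in for the unspecified "crypto system"; a real broadcast scheme would need public-key signatures, since a key extracted from one device could otherwise forge alerts for all of them.

```python
import hashlib
import hmac
import struct

HEARTBEAT, ALERT = 0, 1
MAX_SILENCE = 600              # assumed: seconds without a valid packet before self-disable
HDR = struct.Struct("!BQQ")    # assumed layout: type, sequence number, sender timestamp
TAG_LEN = 32                   # HMAC-SHA256 output size

def build(key, mtype, seq, ts, body=b""):
    """Sender side: header + body, followed by an HMAC-SHA256 tag over both."""
    msg = HDR.pack(mtype, seq, ts) + body
    return msg + hmac.new(key, msg, hashlib.sha256).digest()

class AlertReceiver:
    def __init__(self, key, now):
        self.key = key
        self.last_seq = -1       # highest sequence number accepted so far
        self.last_valid = now    # arrival time of the last authentic packet
        self.pending = []        # alerts received but not yet played

    def receive(self, packet, now):
        """Return True only for an authentic, fresh, non-replayed packet."""
        if len(packet) < HDR.size + TAG_LEN:
            return False
        msg, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False         # forged or altered
        mtype, seq, ts = HDR.unpack_from(msg)
        if mtype not in (HEARTBEAT, ALERT):
            return False
        if seq <= self.last_seq or abs(now - ts) > MAX_SILENCE:
            return False         # replayed or stale
        self.last_seq, self.last_valid = seq, now
        if mtype == ALERT:
            self.pending.append(msg[HDR.size:])
        return True

    def playback_allowed(self, now):
        """Content may play only while the channel is alive and no alert is waiting."""
        return not self.pending and now - self.last_valid <= MAX_SILENCE

    def mark_played(self):
        self.pending.clear()
```

Because rejected packets never update `last_valid`, a firewall that drops the heartbeats and an attacker who replays old ones both end in the same state: playback disabled once `MAX_SILENCE` elapses.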