Re: [OPSAWG] Genart early review of draft-ietf-opsawg-mud-08

"M. Ranganathan" <mranga@gmail.com> Wed, 30 August 2017 22:01 UTC

From: "M. Ranganathan" <mranga@gmail.com>
Date: Wed, 30 Aug 2017 18:00:53 -0400
Message-ID: <CAHiu4JMCtxFY9qu6q4h30Y=GExx69yLg7xRbSirgURy=7+4_Lw@mail.gmail.com>
Subject: Re: [OPSAWG] Genart early review of draft-ietf-opsawg-mud-08
To: Robert Sparks <rjsparks@nostrum.com>
Cc: gen-art@ietf.org, draft-ietf-opsawg-mud.all@ietf.org, opsawg@ietf.org, ietf@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/K_ZEgdtF2l0dmO3jHnaqN5Iijq0>

On Wed, Aug 30, 2017 at 1:21 PM, Robert Sparks <rjsparks@nostrum.com> wrote:

>
>
> Right now, you leave the DHCP server (when it's used) responsible for
> clearing state in the MUD controller. Please discuss what happens when
> those are distinct elements (as you have in the end of section 9.2) and
> the DHCP server reboots. Perhaps it would make sense for the DHCP server
> to hand the length of the lease it has granted to the MUD controller and
> let the MUD controller clean up on its own?
>

I would like to add a few words to the comprehensive review presented by
Robert Sparks (I hope it is proper etiquette on this list to do so).

With respect to the observation above:

There is also a cache timeout in the MUD profile. Does it make sense that
the MUD controller should take the minimum of the DHCP lease time and the
cache timeout and use that to time out the installed ACLs? The DHCP
server should also pass to the MUD controller some way of identifying the
device to which the lease has been granted (for example the MAC address of
the device).

The draft also does not specify how the DHCP server will communicate with the
MUD controller (presumably via a simple REST interface but what is the URL
to be used and how are the parameters passed?). I think this should be
specified for interoperability between DHCP clients and MUD servers. Maybe
words describing this interaction can be added here.

Thanks,

Ranga.





-- 
M. Ranganathan
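
Added example (not part of the message above, and not code from the draft or any MUD implementation): a sketch of the controller-side state the message asks about, where installed ACLs are keyed by the device MAC address and expire at the minimum of the DHCP lease time and the MUD cache timeout, so the controller cleans up on its own even if the DHCP server reboots and never sends a release. The class and method names, the use of seconds for both lifetimes, and restarting the timer on every lease report are assumptions made for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class Binding:
    mud_url: str
    expires_at: float  # controller-local time at which the ACLs must be removed


class MudAclTable:
    """Hypothetical MUD-controller state, keyed by device MAC address."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so expiry can be tested
        self._bindings = {}

    def on_lease(self, mac, mud_url, lease_secs, cache_secs):
        """DHCP server reports a granted or renewed lease for `mac`.

        Assumption: both lifetimes are given in seconds and the timer
        restarts on every report. Returns the lifetime actually applied.
        """
        if lease_secs <= 0 or cache_secs <= 0:
            raise ValueError("lifetimes must be positive")
        ttl = min(lease_secs, cache_secs)
        self._bindings[mac.lower()] = Binding(mud_url, self._clock() + ttl)
        return ttl

    def on_release(self, mac):
        """Explicit release from the DHCP server; True if state was removed."""
        return self._bindings.pop(mac.lower(), None) is not None

    def sweep(self):
        """Drop expired bindings; returns the MACs whose ACLs must be uninstalled.

        This runs on the controller's own timer, so stale ACLs are removed
        even when the DHCP server lost its state and cannot report a release.
        """
        now = self._clock()
        expired = [m for m, b in self._bindings.items() if b.expires_at <= now]
        for m in expired:
            del self._bindings[m]
        return sorted(expired)

    def active(self):
        """MAC addresses that currently have ACLs installed."""
        return sorted(self._bindings)
```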