Re: [Mud] how to increase trust in MUD URL
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 23 January 2020 02:33 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/5RWhUvCUit3SLYUjzc20Fj_gwGo>
If a device provides a MUD URL which points to a 404, what does that mean?
Section 1.6 says that it should tolerate failures for a while.

I am thinking about a case where malware discovers that a particular version of firmware has a MUD file that contains an error that allows for exploit traffic.

Can a manufacturer just remove a MUD file from their web site if the firmware revision is obsolete? That seems wrong. It seems that it ought to just post an "empty" (no ACLs) mud file in that case. But, then we wind up with a bunch of tombstones.

Maybe the file could have something assertive, like: "bad bad, do not run, quarantine now" as a flag?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-