IETF Logo Mail Archive

Re: [Mud] Review of draft-richardson-mud-qrcode-02

Marco Tiloca <marco.tiloca@ri.se> Fri, 24 December 2021 18:48 UTC

Return-Path: <marco.tiloca@ri.se>
X-Original-To: mud@ietfa.amsl.com
Delivered-To: mud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15EE73A0EE4; Fri, 24 Dec 2021 10:48:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.953
X-Spam-Level:
X-Spam-Status: No, score=-3.953 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.852, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ri.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id net8q3i5zMOi; Fri, 24 Dec 2021 10:48:35 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-eopbgr130042.outbound.protection.outlook.com [40.107.13.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D7513A0EE2; Fri, 24 Dec 2021 10:48:34 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Zicc2H6lHDvDonL073u2/pHvrISRZIRiOLprI/vNZy+kICmPD/DM53n/MdIhr/si/sTlV/4TdIzGcLwC9YpJhGTCaaJzDCZKjUfii93Qh2iidLvXR3zde/+9Oj7ixyMJINVJbEHsPcp5Kbi7toxKOTWsAq0jDfZcLLI23SLYr7yX4HSKbmKpLBqSTe7HQLqDANLPPgqBb2ojGU+2RARb2cyECqdO2f9L/A8pHaQMOS4DMsZ0Kz33NTH6zVh1PUdWvgbmg0Se/hzXGmTp6OBx75/5IcwbjzsQT+0LkDFbPuJr+NDVm3Bn6WMQdedb8cInCQxEyqe1NTRwIsGTQcVIwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Tg1XC3anHbUrL1WvFsdQnuGgCcWN0R8SAVQG49K6Dy4=; b=X9yMRDYX31/0W8MS07wDwDA1WtZ6+7R8Dfbj7q+Wq2z5gnHT9brLe/8E2XOd1yoUH1QFPTRcDqwyKVo3v6FwiSzAeL/UUbfzeJInEqs9WsVV6xan9XvPEbVPHZIod9XrYqgkoPHmkyagrATcrYvzC0sV9dqQjYAOXA6ZpRrEZYM0+AUlieYg61ErTq9zk6I19WQ2rwI5CR2Ns+cRRL4Wj7GEV1LfhvPBdSWwIrHvd+H7qNkXUVwdGm31No5vCaVTkxVC1xUs19kURFxf85BzWwhQKzGb4MzyCkzQ58Ifo3t9FKSlnzuQtfqs0hsBOlUFz4WpUJgyTLy94ms51ZZDHQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ri.se; dmarc=pass action=none header.from=ri.se; dkim=pass header.d=ri.se; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ri.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Tg1XC3anHbUrL1WvFsdQnuGgCcWN0R8SAVQG49K6Dy4=; b=cxfYI9XgDkMUVcYmfzYmP9pmS4s4K07/ay0PvxeHNx5zJNAHr6HRCygvzwLOPc/zU5J40ps/4fdoJcsDPRUdYKBcPkHT9VwwWuF1a663omC5kc/fGHQwiGVKMsqhUL7L1iiBrtkSlnDo2TPPXJGNsJ+TAP6AL6SFaTG9dnbajys=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ri.se;
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14) by DB8P189MB0763.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:fc::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4823.21; Fri, 24 Dec 2021 18:48:31 +0000
Received: from DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::6800:bc0b:ccc:3a69]) by DB8P189MB1032.EURP189.PROD.OUTLOOK.COM ([fe80::6800:bc0b:ccc:3a69%3]) with mapi id 15.20.4823.021; Fri, 24 Dec 2021 18:48:30 +0000
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: draft-richardson-mud-qrcode@ietf.org, rfc-ise@rfc-editor.org, mud@ietf.org
References: <2b0346cd-1243-5056-8162-d29107da66cd@ri.se> <29479.1639340699@localhost> <0bb1fcee-6746-597b-0ecd-eefe31b863aa@ri.se> <25998.1640367466@localhost>
From: Marco Tiloca <marco.tiloca@ri.se>
Message-ID: <b72948d5-33bc-a99b-b72c-d3ef73cb921f@ri.se>
Date: Fri, 24 Dec 2021 19:48:28 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
In-Reply-To: <25998.1640367466@localhost>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="9OeHKhgNkMZzj6OkVzZPpabrKIFTTddTS"
X-ClientProxiedBy: MR1P264CA0135.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:51::12) To DB8P189MB1032.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:16e::14)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 1d610ff8-1cd2-4a3f-93a5-08d9c70dfab7
X-MS-TrafficTypeDiagnostic: DB8P189MB0763:EE_
X-Microsoft-Antispam-PRVS: <DB8P189MB07637AAE9845ABE80CB51980997F9@DB8P189MB0763.EURP189.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: iOPdD7O+JssaaiFiu61HjPPtCEHNrPAMyCPL+6YuPx7rZfJE7XUUWfLZFBshYmib+IG5sp3HTzM+pzgh2Nk1/QXJzj8z7BPMFQYKsnjpvCzsbnpSzo4/cKC6LlozeFAkDrlqKSQq5Z22Y8pe/oeb92PTfAt1MjtXLhDYWolgigBPLcYaFoVxgjwBlENAHCTeBxcySp1/vKTMFfQ7cMYMTGHxYOrvs2blUhztVqxGewmmkP4AxVZTrj6YnKAnkOI+qi1qW5kRlILm+w/R36oECdAxXqkW2FtAIlDT1YuhcCypu3yOKKiemc40ce3/T47zLyBbEE6RvriMoHRNF7z6iMEgkef7xnG3tFanzRFBSWs6yQRDqGvJs6WFHQL4K9C8pqCzuZPnVB6lu3AGMZiUf0YQHBpiWXovc1Xe9E+Vbni8r0xTFRkZmmqX/auvz7Reaz0gmb/fbUHQKxdaRYreWa2xeqb1ZvN2lO8mQII5qdZz1R1aFhZ3iEKBOWR9a03SS0z1+zN2RiDw0E0ydckSzkT0McUDPOOLuTYPVkSh/D/twGPbL3t9V4n79WQY2BG+q+sDjq51gVxzZOY7IGdf7UY1cNEnJblFn/6nLJj61xgUECjAjTlRGKXVoFHHrewCBT4TfwfkE4VXy7HExSviEOuBLzzEPPnKOso4PnMkjhlukmkTs72WE0aJ62seW+yR4yEpbBx4RjAjPPHSewZRM/Lp88KvQ1RMudUmKvG4ub27gGCx7rR2EQrcvDYAWgQBHPajOT/XScVhr+YOftT0cNeOc+UIgoLZLw6ivJemJtc=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8P189MB1032.EURP189.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(366004)(6486002)(4001150100001)(8936002)(53546011)(6506007)(6512007)(31686004)(26005)(186003)(31696002)(316002)(44832011)(83380400001)(66946007)(5660300002)(66476007)(86362001)(33964004)(66574015)(38100700002)(235185007)(508600001)(36756003)(2906002)(966005)(4326008)(2616005)(21480400003)(8676002)(66556008)(43740500002)(45980500001); DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: WNmmxaWkJbPfEi7/xA1vfjdYmSwjXS9UVPjiiHas6511PlYXCB2pOEbKXa0cexsk+Um9GwXYaNBFImBFzUh3Drsv1fJ8/5OSlKUJOSOzvpW77b9NV4Gm04VG84F4mxCG9aZFVc5qjmbNPbNP1vO5My6fWgaGZD+QrDNO1HjOLU4ETY77UBHWhbDXaokvwhH3oVtjohi4UzMxUiKY6srcMIa1Ied4wFWY4HjUzuCZhtrm1p50zrFirv0lbxy2zEGKP8Sbkx6OeAH2413uznENAC1YebCuGibiMYcdCD+ogoMKWEHzHKXQRmn/P1+fky5alh7bM9dkJAB9vupJkUCp2Kf3fKLKrGdWBhPeA9ans7IA4OpYNihJXZBq4D7oB7JPLoTl0dGlr6c1cZQJV+zBE+6I3Dbvz4bfXi3+H3nGkftAHQDp/0z59M2CqR8Q8ayy1JzY+0GgHiJhpxrYJIkW90ZPGAse200m/Hn9YnkVqaEh5OiYQd9X4sPjYcjwnQQgYUd/H9Lc4UhjDTh81o1CTlyIrW/caHsqbbR2FeUCpKqWKBRj8hH4CRuetSjQAGDCCnIjF2hd8a72oXIJo3bCbBu72JpZlQiQh6dNE5JoO+ysyoRRSt/ntmKcJDf6MoRJONag6c1TIxO2gYt21P+rizRCQb//eC3pG0mKExVe4mtZbvDYt4r+0U+ajC+JPOeRNdUgRtOFviftC5oEiiUkkuFlYSKV9hiEtDtxJ+bmg0xXjSyioS7VDDbpNQE7Bq7T01ddB6VmLLGwIYMAJtCLqzoeAGpIIZx9R/d8fpg6M2mjOVawY/ZJ0H7i8H5SxWacfbVMhaz7PBn2Bf6pgkdP+FOzMcLh4rn7QGMt8p8lRveMzhFhNmMtrl/S4Lz+HCc3VmDZ9H7N5HWuu2BRla6ow3ODhSIRx8UJPbHlqMyjRLdol5eSxbn3saSmoH0Wmc+kpmgAw83GYFamN3zCcJ4R334pUOp0kJwDcyzPngCejDYBIS4kmVrCMLKSs6OiV1s9tfHI8osYabZioIwWyfjiFXkk4CwWhq/PHgymv76ODyxemXujdQbqkX/OJ8ijSCiMmPzR4B5nHWxW7rklAR5WYu7cBnIdG2jnpft273eHSTCQReqBbakOIav2hKD8OSoSj6oc9i5zE2sOWfm8iaVb2NA4omMZrwk5SKyWSAQ3WxF8kCOFQbOC0Mpf1I3qGoQIrX4b/TM4w19MyOWdgprUrh50jey1TvgkRoxu+GHZI2Tvgcylkkarbu7+z5g418hbpoOAj6GOHO3l1IsAfQZQR9WoLGqEdb3u31KEEUHrgzSrZsrYgKZNPk6blqLqBK3CBgPJMXoRiqa3qlnFvwmMkivn3AmYGKK6woVMYn27Zt8OIFgCTr+ynHpsuHPmeu0YDgKYZw0h1rdJANn29OjcydNvTBVLZGFYmNMzL4WfBPuc0DnnHjzkWYAbjsjwDyh5kmZEKHSWsnTAG41IKdjKxBoXsZPmPsxhflq2kUlmdEcVj2SRct52pj9WfGIX9oMVr32uaQDXMDf9TslUFmfXjpn+nQHe5dJBS1oyFylBIHba7n1EQCKpaFcbCDTM7BS7JDRP7wN04kAZ6wCbYT+Cskihvruaokfi+EXOxxQxi0s=
X-OriginatorOrg: ri.se
X-MS-Exchange-CrossTenant-Network-Message-Id: 1d610ff8-1cd2-4a3f-93a5-08d9c70dfab7
X-MS-Exchange-CrossTenant-AuthSource: DB8P189MB1032.EURP189.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Dec 2021 18:48:30.7141 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 5a9809cf-0bcb-413a-838a-09ecc40cc9e8
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: bLlL1mrZSg0XFcE4W6ZqSh1gc7ebR+cAPZcT0gDzvJN4iuzngoedD1Y3jQlM7RgJolWv6VY6sbENfYEXkYWxFg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8P189MB0763
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/7DtjR7x8qZmKFz7qi2kASdyC0vo>
Subject: Re: [Mud] Review of draft-richardson-mud-qrcode-02
X-BeenThere: mud@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Manufacturer Ussage Descriptions <mud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mud>, <mailto:mud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mud/>
List-Post: <mailto:mud@ietf.org>
List-Help: <mailto:mud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mud>, <mailto:mud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Dec 2021 18:48:41 -0000

Hi Michael,

Thanks, it looks good!

Best,
/Marco

On 2021-12-24 18:37, Michael Richardson wrote:
> Marco Tiloca <marco.tiloca@ri.se> wrote:
>      > On the second point, it may just fit as a short paragraph in Section 6
>      > "Privacy Considerations". For instance:
>
>      > "The use of URL shorting services discussed in Section 3.2.4 may result in
>      > trading convenience and efficiency with privacy, since the service provider
>      > might leverage per-device or per-customer short URLs to track and correlate
>      > requests."
>
> I've added this to https://github.com/mcr/mud-qrcode/pull/4
>
>      > Thanks, I guess these points are also covered in the cited
>      > mud-acceptable-urls . I think it would be good have them briefly included in
>      > this document too, along the same lines in your reply above.
>
> Added above too.
>
>      >> > * I think it would be good to add considerations on the security of the
>      >> > (access to the) physical premises, and on the trust required on the network
>      >> > operators performing device deployment and QRcode scanning on those
>      >> > premises.
>      >>
>      >> Are you thinking about a situation where the devices are deployed on a
>      >> campus, and employees or students could attach new stickers to the device?
>
>      > ==>MT
>      > Yes, and to possible active actions from QRcode examiners as hinted in the
>      > review at [1].
>
>      > [1]
>      > https://datatracker.ietf.org/doc/review-richardson-mud-qrcode-02-iotdir-early-jimenez-2021-11-25/
>
> okay, so I think that I've added text about this already.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>             Sandelman Software Works Inc, Ottawa and Worldwide

-- 
Marco Tiloca
Ph.D., Senior Researcher

Division: Digital System
Department: Computer Science
Unit: Cybersecurity

RISE Research Institutes of Sweden
https://www.ri.se

Phone: +46 (0)70 60 46 501
Isafjordsgatan 22 / Kistagången 16
SE-164 40 Kista (Sweden)

v2.23.0 | Report a Bug | By Email