Re: [Mud] what if MUD file is now longer available?
Michael Richardson <mcr+ietf@sandelman.ca> Sat, 18 May 2019 21:25 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: mud@ietfa.amsl.com
Delivered-To: mud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87C9C1200EF for <mud@ietfa.amsl.com>; Sat, 18 May 2019 14:25:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QoHJ1cckeWVp for <mud@ietfa.amsl.com>; Sat, 18 May 2019 14:25:13 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D38A12004F for <mud@ietf.org>; Sat, 18 May 2019 14:25:12 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 655933826D; Sat, 18 May 2019 17:24:21 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 91E3BCA3; Sat, 18 May 2019 17:25:10 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 8F7FAC91; Sat, 18 May 2019 17:25:10 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Eliot Lear <lear@cisco.com>
cc: mud@ietf.org
In-Reply-To: <DF4FB039-6373-4980-9E26-C66D454D11A0@cisco.com>
References: <17454.1557618668@localhost> <DF4FB039-6373-4980-9E26-C66D454D11A0@cisco.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Sat, 18 May 2019 17:25:10 -0400
Message-ID: <5960.1558214710@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/Tq41lATEEH99vD9clkLzCANNYFM>
Subject: Re: [Mud] what if MUD file is now longer available?
X-BeenThere: mud@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Manufacturer Ussage Descriptions <mud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mud>, <mailto:mud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mud/>
List-Post: <mailto:mud@ietf.org>
List-Help: <mailto:mud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mud>, <mailto:mud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 May 2019 21:25:16 -0000
Eliot Lear <lear@cisco.com> wrote: >> Section 13.2 says that the MUD-manager should cease processing at that point. >> I guess at that point, the access should therefore be default-deny. >> I guess the other question is what would the access be if there were no >> MUD URL at all. We'd all like to be default-deny, but I think that during >> a transition period it can't be that. > If you ever had a valid MUD file you should keep using it. This > follows the principle of least astonishment. Otherwise, a temporary > outage might cause policy flaps. An alternative might be to invoke an > exception flow that says, “yo! No more MUD file”. Yes, I'm asking: what if the MUD-manager never got a valid MUD file. It did exist at some point, but then marketing moved it when they redid the web site, or the company just went under. > A few things to think about with this use case. We really don’t have > contact information in the MUD file. While one might think that an > oversight, honestly I get a little nervous about sticking email > addresses in various places that can be harvested for SPAM. The contact info does not have to be an email address. It could point to quite a number of other things. There are some identities out there like 1id.com, Dun&Bradstreet numbers, RIR handles, URLs, ... ... Consider the opposite consideration: without a contact, one has no ability to find out who is liable. That would be a relatively low-bar for an import regulation. Every device gets a verifiable contact, or it does not get past customs. The QR code on the case containing the MUD URL provides that. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Mud] what if MUD file is now longer available? Michael Richardson
- Re: [Mud] what if MUD file is now longer availabl… Marc Blanchet
- Re: [Mud] what if MUD file is now longer availabl… Eliot Lear
- Re: [Mud] what if MUD file is now longer availabl… Michael Richardson
- Re: [Mud] what if MUD file is now longer availabl… Eliot Lear
- Re: [Mud] what if MUD file is now longer availabl… Michael Richardson