Re: [Mud] how to increase trust in MUD URL
Eliot Lear <lear@cisco.com> Wed, 22 January 2020 20:12 UTC
Return-Path: <lear@cisco.com>
X-Original-To: mud@ietfa.amsl.com
Delivered-To: mud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6073012087A for <mud@ietfa.amsl.com>; Wed, 22 Jan 2020 12:12:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AuToMdQhb4zZ for <mud@ietfa.amsl.com>; Wed, 22 Jan 2020 12:12:32 -0800 (PST)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7D1A120142 for <mud@ietf.org>; Wed, 22 Jan 2020 12:12:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1759; q=dns/txt; s=iport; t=1579723952; x=1580933552; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=3AdOaAIV/Bw2Hqeuk9S15FqzqNQoDDHkV61CCJ9yAWE=; b=ZRam0dzh7q2GQUHMQCSURzAVdUkR/J2GtPSHduLjynnpvydn7z8/ILn1 zAHEJuQ2z8lGgXTGBlHRvOPtOYdztAa85JJqT3AD/Pthv9r7J9QwtAmLd e3AHuKBeWeIpWONTud6kJPakea+wmGZrGE/iIGnKBFFEfayzwzUrBOQxN U=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CVBACvqyhe/xbLJq1lHQEBAQkBEQUFAYF7gimBYRIqjRWICCWbNwIHAQEBCQMBAS8BAYRAAoI+OBMCAw0BAQQBAQECAQUEbYVDhV4BAQEBAgF5BQsLGC5XBhODJgGCWyCucoInhUqEZBCBOIFTil2CAIE4DBSCFwcuPogLgiwEjXKJQJgggkOCS4EckkwbmnemOYMtAgQGBQIVgWkigVgzGggbFWUBgkE+EhgNlkhAAzACjWoBAQ
X-IronPort-AV: E=Sophos;i="5.70,350,1574121600"; d="asc'?scan'208";a="22440519"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Jan 2020 20:12:29 +0000
Received: from dhcp-10-61-103-205.cisco.com (dhcp-10-61-103-205.cisco.com [10.61.103.205]) by aer-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id 00MKCTB7022864 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 22 Jan 2020 20:12:29 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <104874F4-BB08-4284-9ED2-0400BC067942@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_2952D7A3-4DB8-4740-B00C-35982BC46C4D"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
Date: Wed, 22 Jan 2020 21:12:28 +0100
In-Reply-To: <9b50e4ca-d516-3f3b-5992-1695f8147d18@sit.fraunhofer.de>
Cc: mud@ietf.org
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
References: <157918044299.26236.8163535356477976451.idtracker@ietfa.amsl.com> <CAFpG3gehp98VB2RpL6LenRJsV=RRQ=1jCTX7mcrmd27pzkYqfg@mail.gmail.com> <CAFpG3gek8qrHjN5LNQUrRrS9+zFuVQQ4y+XorRrr5xySs2fP1g@mail.gmail.com> <20570.1579314460@localhost> <30267.1579654985@localhost> <9b50e4ca-d516-3f3b-5992-1695f8147d18@sit.fraunhofer.de>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
X-Outbound-SMTP-Client: 10.61.103.205, dhcp-10-61-103-205.cisco.com
X-Outbound-Node: aer-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/YNO52x39xEKg1oqhmqHJFMzVg3I>
Subject: Re: [Mud] how to increase trust in MUD URL
X-BeenThere: mud@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Manufacturer Ussage Descriptions <mud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mud>, <mailto:mud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mud/>
List-Post: <mailto:mud@ietf.org>
List-Help: <mailto:mud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mud>, <mailto:mud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jan 2020 20:12:33 -0000
> On 22 Jan 2020, at 08:31, Henk Birkholz <henk.birkholz@sit.fraunhofer.de> wrote: > > Hi mud'ler, > > On 22.01.20 02:03, Michael Richardson wrote: >> But, updating the URL in IDevID is difficult to do. Quite reasonably it might >> be impossible without a device recall. The IDevID version is much easier to >> invest trust into. And it clearly links back to the manufacturer. > > This is one of the biggest issues that came to my mind ad-hoc. Is changing the URI really an option? I would assume this type of encapsulation is trustworthy, I think. To me this is something that TEEs can really assist with, but we may need to think about how the URL is communicated. Should it be in an idevid long term or in some other signed object? Eliot
- [Mud] how to increase trust in MUD URL Michael Richardson
- Re: [Mud] how to increase trust in MUD URL Henk Birkholz
- Re: [Mud] how to increase trust in MUD URL Michael Richardson
- Re: [Mud] how to increase trust in MUD URL M. Ranganathan
- Re: [Mud] how to increase trust in MUD URL Henk Birkholz
- Re: [Mud] how to increase trust in MUD URL Eliot Lear
- Re: [Mud] how to increase trust in MUD URL Michael Richardson
- Re: [Mud] how to increase trust in MUD URL Michael Richardson
- Re: [Mud] how to increase trust in MUD URL Ted Lemon
- Re: [Mud] how to increase trust in MUD URL Michael Richardson
- Re: [Mud] how to increase trust in MUD URL Eliot Lear
- Re: [Mud] how to increase trust in MUD URL Michael Richardson