IETF Logo Mail Archive

Re: [Mud] how to increase trust in MUD URL

Eliot Lear <lear@cisco.com> Thu, 23 January 2020 07:49 UTC

Return-Path: <lear@cisco.com>
X-Original-To: mud@ietfa.amsl.com
Delivered-To: mud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EB9712012E for <mud@ietfa.amsl.com>; Wed, 22 Jan 2020 23:49:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xwjmNIMxC1ga for <mud@ietfa.amsl.com>; Wed, 22 Jan 2020 23:49:02 -0800 (PST)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11C4C120111 for <mud@ietf.org>; Wed, 22 Jan 2020 23:49:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5398; q=dns/txt; s=iport; t=1579765742; x=1580975342; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=SrSplEEZVv67TP1ipdmH26qaXPz6ro7fJQj/F4KalkM=; b=JgH90rWxOsjUwo3rIpMwGZbJxTWR+HFTd7aIYmdHbihcDLGVmwLmh0SB Ij6XyptAc0Axw8g3/zbIFWS+JEGCWlYYDrwgAoXc+GiPu55y+KH/XMHvJ tAt9EayTzZIi+SeslHWEWahx7FjTf1jf5/6UX5EUf7h4yS0/aCzDMpgN2 0=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0A8BAAGTyle/xbLJq1lHQEBAQkBEQUFAYF7gimBQSASKoQSiQOILZMtiAsCBwEBAQkDAQEvAQGEQAKCPjgTAgMNAQEEAQEBAgEFBG2FQ4VeAQEBAQIBI1YFCwsEFCoCAlcGE4MmAYJbIK0cdYEyhUqEVxCBOIFTh3uCY4IAgTgggh4uPoQzgyYygiwEiXyNOJgggkOCS4EcjUiFBRuad6Y5gy0CBAYFAhWBaSKBWDMaCBsVZQGCQT4SGA2ICAUXjiRAAzCNH2ABAQ
X-IronPort-AV: E=Sophos;i="5.70,353,1574121600"; d="asc'?scan'208,217";a="22461511"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 23 Jan 2020 07:49:00 +0000
Received: from dhcp-10-61-103-205.cisco.com (dhcp-10-61-103-205.cisco.com [10.61.103.205]) by aer-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 00N7mxMc028599 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 23 Jan 2020 07:48:59 GMT
From: Eliot Lear <lear@cisco.com>
Message-Id: <901B77A8-C631-496B-B322-EAE26ED26DC0@cisco.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_1883C821-73BE-4D72-B6C8-C59E11C774E3"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
Date: Thu, 23 Jan 2020 08:48:58 +0100
In-Reply-To: <23472.1579746800@localhost>
Cc: mud@ietf.org
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <157918044299.26236.8163535356477976451.idtracker@ietfa.amsl.com> <CAFpG3gehp98VB2RpL6LenRJsV=RRQ=1jCTX7mcrmd27pzkYqfg@mail.gmail.com> <CAFpG3gek8qrHjN5LNQUrRrS9+zFuVQQ4y+XorRrr5xySs2fP1g@mail.gmail.com> <20570.1579314460@localhost> <30267.1579654985@localhost> <9b50e4ca-d516-3f3b-5992-1695f8147d18@sit.fraunhofer.de> <30626.1579713687@localhost> <CAHiu4JOXOAt2U5soxrHB2D8EMxwkQ-tKv62F2vxAVPdvqAgfzg@mail.gmail.com> <428.1579728908@localhost> <23472.1579746800@localhost>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
X-Outbound-SMTP-Client: 10.61.103.205, dhcp-10-61-103-205.cisco.com
X-Outbound-Node: aer-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/hCDNwPAxwiXAytPLNwlrX9ZUd7U>
Subject: Re: [Mud] how to increase trust in MUD URL
X-BeenThere: mud@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Manufacturer Ussage Descriptions <mud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mud>, <mailto:mud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mud/>
List-Post: <mailto:mud@ietf.org>
List-Help: <mailto:mud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mud>, <mailto:mud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 07:49:04 -0000

Hi Michael,

> On 23 Jan 2020, at 03:33, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Maybe the file could have something assertive, like: "bad bad, do not run,
> quarantine now" as flag?
> 


If the MUD file itself contains an error that overexposes a vulnerable device, it seems to me that the proper course of action is simply to post a correction that will get picked up sometime after the cache-validity period expires.

As to your other question: what if the MUD file can’t be reached?  The general answer is simple: keep doing what you were doing.  Don’t change policies because you can’t get to the mud file server.  That’s just asking for a boot to the head.  If the device never had a MUD file, you would have some default handling.  If it already had a mud file, then you have some policy to go with.

So suppose the device has a bad mud file, and the attacker tries to block the file server.  At that point, the device is vulnerable, but the fact that the file is not accessible, particularly if it is not accessible for some period of time, is probably something that is worthy of attention.  Did it become unavailable because of an attack, or did it become unavailable because the maker went out of business?

Is it the administrator or the mud file manager that should attend to this?  Could be either, but over the long run you would rather it be the latter, with some back end support.

Eliot

v2.23.0 | Report a Bug | By Email