Re: [Mud] [Iotops] Fwd: New Version Notification for draft-morais-iotops-inxu-00.txt
Michael Richardson <mcr@sandelman.ca> Tue, 23 November 2021 09:43 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: mud@ietfa.amsl.com
Delivered-To: mud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A64003A05E2; Tue, 23 Nov 2021 01:43:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FL8ibQGIvcs4; Tue, 23 Nov 2021 01:43:08 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E52153A05AA; Tue, 23 Nov 2021 01:43:07 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id DEEEB1806E; Tue, 23 Nov 2021 04:45:50 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id JThDbQmFKBje; Tue, 23 Nov 2021 04:45:45 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id DF99A18016; Tue, 23 Nov 2021 04:45:44 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1637660744; bh=NMJPq0g+fphs2xGjICkN6QctT2sjyvq1O8sH69kY/VU=; h=To:Subject:In-reply-to:References:From:cc:Date:From; b=YNPYuRzCaHJP14FDGIIT0pud92l0cE1p7m6UEDfv3HbExBaC2EJvwGUx8F1kw7fN9 duYIssEFGO67tIInNobSCN8OC3rwObT3l76GW2fEB127CvK9pk3WPqSbC/jHA5q7iB jUk3hP/zJJyKL1kHEtp1skpBLQGnLk3B4xe4p4i8P0h9cb3usfraHFHFjXYTIZNVpt CMzxUDhgixZDj7JsJe0pGDgCu/FxuVoFhCVVptc0oUEKDaYp5aYxQO8fYqvQRfWGf5 VLefzPjMkBlsaeqIP6dLfGfdJYUPHpDOCLeIENJK6QIatd5UZvsHN6Q83KNQZOnFnM 5PHbPSqZIGIvw==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 979E9128B; Tue, 23 Nov 2021 04:42:57 -0500 (EST)
To: =?UTF-8?Q?S=C3=A1vyo_Morais?= <savyovm@gmail.com>, iotops@ietf.org, mud@ietf.org
In-reply-to: <CAGJRHzBrtdvLUB0FuFP7BgvExkwAK5KaQwcaBc1zjn9B2WJpdQ@mail.gmail.com>
References: <163759345909.25982.6148538891904763496@ietfa.amsl.com> <CAGJRHzBrtdvLUB0FuFP7BgvExkwAK5KaQwcaBc1zjn9B2WJpdQ@mail.gmail.com>
Comments: In-reply-to =?UTF-8?Q?S=C3=A1vyo_Morais?= <savyovm@gmail.com> message dated "Mon, 22 Nov 2021 12:14:45 -0300."
X-Mailer: MH-E 8.6+git; nmh 1.7.1; GNU Emacs 26.3
From: Michael Richardson <mcr@sandelman.ca>
cc: iot-wg@ripe.net
X-Attribution: mcr
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 23 Nov 2021 04:42:57 -0500
Message-ID: <11174.1637660577@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/pcqNPsU34YCzRrXtY8LG5twATzU>
Subject: Re: [Mud] [Iotops] Fwd: New Version Notification for draft-morais-iotops-inxu-00.txt
X-BeenThere: mud@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Manufacturer Ussage Descriptions <mud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mud>, <mailto:mud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mud/>
List-Post: <mailto:mud@ietf.org>
List-Help: <mailto:mud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mud>, <mailto:mud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Nov 2021 09:43:14 -0000
Thank you for your interesting draft. I've CC'ed mud@ietf.org as well. {My first dyslexia induced thought is that INXU is close to NIXU, which some of us know as former Int-Area AD Pekka Nikkander's company... } There is some overlap here with DOTS. I'm not an expert on DOTS, so I can't say exactly, but I'm sure that the whole ISP talks to CPE model is in there. DOTS is more about offloading the traffic from the CPE device to the ISP... but according to what criteria, and this is where the MTD might help. Minor: There are some terms that you've used which might be translations which are uncommon in english: "short team" and also "TCP connection starter" I think you mean "small team", but I'm uncertain if there is a more subtle meaning. I think that "TCP connection starter" probably means "TCP initiator" (the end that sends the TCP SYN). I really like your draft. From what I can tell, your MTD isn't an extension to MUD, but rather an parallel object which looks very much like a MUD file, but is provided by an ISP or security team to a CPE to help it deal with an active attack. I wrote a document, https://datatracker.ietf.org/doc/draft-richardson-shg-un-quarantine/ that was about how a compromised device went back into order. It turned into a RIPE presentation at the IoT WG: I hoping that some of the ISPs would tell me what they are doing for communication among themselves. http://www.sandelman.ca/SSW/talks/ripe-iot-unquarantine2019/ ROLIE, SCAPv2, TAXI, STIIX were mentioned from some of the government/enterprise people, but apparently nobody was doing any of that as yet. Your work seems to overlap a bit with some of these. In the above deck, there is an auxiliar slide 51, where you see a "swifter API" which is essentially your MTD and MTD server. The SHG project (now defunct, alas) never implemented that part. Sávyo Morais <savyovm@gmail.com> wrote: > This is a draft we are proposing to append a security functionality to > MUD (RFC 8520) with a vulnerability management system for IoT networks > with a short security experts team. Hope you will appreciate this, and > please let us know about any suggestions, comments or corrections in > the document. > https://www.ietf.org/archive/id/draft-morais-iotops-inxu-00.html > Abstract: This document proposes the Intra-Network eXposure analyzer > Utility (INXU) as a vulnerability management solution for IoT networks. > The goal of INXU is to extend the functions of the RFC 8520 and support > a Security Experts Team on protecting multiple heterogeneous IoT > networks, even when there is a few or none private information of the > networks. > INXU identifies and analyzes the capability of an IoT device being > exploited by an well known malicious activity. We also propose the > Malicious Traffic Description (MTD), a data-model to describe traffic > related to malicious activities.
- Re: [Mud] [Iotops] Fwd: New Version Notification … Michael Richardson
- Re: [Mud] [Iotops] Fwd: New Version Notification … Sávyo Morais