Re: [netmod] [OPSAWG] Comments on draft-lear-ietf-netmod-mud-02

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 10 June 2016 17:14 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Eliot Lear <elear@cisco.com>, Cullen Jennings <fluffy@iii.ca>, "opsawg@ietf.org" <opsawg@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: [OPSAWG] Comments on draft-lear-ietf-netmod-mud-02
Thread-Index: AdHDL4kpW8AS7YjqckuQ9S2y/iP9WwALA2mAAABRzwA=
Date: Fri, 10 Jun 2016 17:12:51 +0000
Message-ID: <20160610171236.18296913.45232.73529@ll.mit.edu>
References: <20160610154838.18296913.36394.73505@ll.mit.edu> <d40842ae-be86-b01c-0aed-1187c7113c6a@cisco.com>
In-Reply-To: <d40842ae-be86-b01c-0aed-1187c7113c6a@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/B3D04RkpIRE9G48REJhVco9Cca0>
Subject: Re: [netmod] [OPSAWG] Comments on draft-lear-ietf-netmod-mud-02

Just "encoding" is not enough - it's *how exactly* the file is encoded.

  Original Message  
From: Eliot Lear
Sent: Friday, June 10, 2016 13:04
To: Blumenthal, Uri - 0553 - MITLL; Cullen Jennings; opsawg@ietf.org; netmod@ietf.org
Subject: Re: [OPSAWG] Comments on draft-lear-ietf-netmod-mud-02

Hi Uri,

On 6/10/16 5:48 PM, Blumenthal, Uri - 0553 - MITLL wrote:
> Canonicalization is the way to avoid file content being mangled or represented differently by different (software) entities that try to create or verify digital signature over it. It doesn't matter if your file is binary or not. And CMS by itself won't save you either. This problem (ensuring there is only one way to represent the contents of the file in question) is what you need to show that you solved.

I totally get it. From a MIME perspective it'll be something like
application/mud+json, encoded in UTF-8, and transported accordingly
(HTTPS is 8-bit clean). This is not going to be our problem.

Eliot
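
The canonicalization point raised in this exchange, shown concretely as an added example; it is not code from the MUD draft or from either author. The toy document and its field names, the canonical form (keys sorted, no insignificant whitespace, raw UTF-8 instead of \uXXXX escapes), and the use of a bare SHA-256 digest standing in for the value a CMS signer would actually sign are all assumptions made here for the demonstration. Three byte strings that every JSON parser decodes to the same object get three different digests as received, and a verifier that hashes exactly the bytes it got fails as soon as any hop re-serializes the file; only after both sides agree on one byte form do the digests line up.

```python
"""Why 'JSON in UTF-8' is not enough for a signature to verify."""
import hashlib
import json

# Constructed sample (assumption, not a real MUD file): three encodings of the
# same object that differ only in whitespace, key order and escaping.
VARIANTS = {
    "pretty":    b'{\n  "mud-version": 1,\n  "last-update": "2016-06-10",\n  "systeminfo": "caf\xc3\xa9"\n}\n',
    "compact":   b'{"mud-version":1,"last-update":"2016-06-10","systeminfo":"caf\xc3\xa9"}',
    "reordered": b'{"systeminfo":"caf\\u00e9","last-update":"2016-06-10","mud-version":1}',
}


def digest(data: bytes) -> str:
    """What a signer commits to: the exact bytes, not the parsed meaning.
    A SHA-256 digest stands in here for the CMS signature the thread discusses."""
    return hashlib.sha256(data).hexdigest()


def canonicalize(data: bytes) -> bytes:
    """Parse and re-serialize into one fixed byte form.

    The canonical form chosen here is an assumption for the demo, not the MUD
    draft's rule: keys sorted, separators ',' and ':' with no whitespace,
    non-ASCII emitted as raw UTF-8 rather than escaped, no trailing newline.
    """
    obj = json.loads(data.decode("utf-8"))
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def raw_digests(variants=VARIANTS) -> dict:
    """Digest of each variant as received: three different values."""
    return {name: digest(body) for name, body in variants.items()}


def canonical_digests(variants=VARIANTS) -> dict:
    """Digest after canonicalization: one value for all three."""
    return {name: digest(canonicalize(body)) for name, body in variants.items()}


def verify_naive(received: bytes, signed_digest: str) -> bool:
    """Verifier that hashes the bytes it got; breaks if any hop re-serializes."""
    return digest(received) == signed_digest


def verify_canonical(received: bytes, signed_digest: str) -> bool:
    """Verifier that canonicalizes first; survives re-serialization, provided
    the signer also signed the canonical form."""
    return digest(canonicalize(received)) == signed_digest


if __name__ == "__main__":
    for name, d in raw_digests().items():
        print(f"raw       {name:10s} {d[:16]}...")
    for name, d in canonical_digests().items():
        print(f"canonical {name:10s} {d[:16]}...")
    signed = digest(canonicalize(VARIANTS["pretty"]))
    print("naive verify of reordered copy:    ", verify_naive(VARIANTS["reordered"], signed))
    print("canonical verify of reordered copy:", verify_canonical(VARIANTS["reordered"], signed))
```

The escaping case is the one that "UTF-8" alone does not settle: `"caf\u00e9"` and the raw two-byte sequence are both valid UTF-8 JSON for the same string, so a spec that wants signatures to verify across implementations has to pin down that choice too, or sign only an agreed canonical form.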