[netmod] Fwd: New Version Notification for draft-lear-ietf-netmod-mud-02.txt

Eliot Lear <lear@cisco.com> Tue, 07 June 2016 08:36 UTC

To: netmod WG <netmod@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
From: Eliot Lear <lear@cisco.com>
Date: Tue, 07 Jun 2016 10:36:23 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/yYDcaQb-fcMHEO8Sh5YJh8bR9Uk>

Hi everyone,

There is a new version of draft-ietf-lear-netmod-mud out there.  In
discussions with various WG chairs it seems like the best approach is to
(a) consolidate the drafts a bit and (b) proceed in opsawg with this
work.  That is what this draft does.  Both the PKIX constraint and the
DHCP options are rolled in here.  In addition, several other changes
have been made, a full list of which can be found in the appendix.  Here
are a few of the bigger ones (apart from the merge):

  * This version changes the serialization from XML to JSON.  Tooling is
    definitely going in the direction of JSON.  The initial reason for
    XML is that it is commonly used by routers.  We're pretty sure that
    on the whole, this stuff won't be directly consumed by routers, and
    those who do consume it can learn JSON ;-).  Thanks to Cullen
    Jennings for nudging in this direction.
  * We now include a signature mechanism for the MUD files.  It was
    always the plan to do this.  There were two choices: CMS/PKCS#7 or
    JWS.  Again for tooling's sake, so that people don't need to roll
    their own, especially for anything security related, we've gone with
    CMS and a detached signature at that.  Thanks to John Bashinsky and
    others for their advice on this.  This area in particular could
    stand close scrutiny.
  * Per a suggestion from Mark Nottingham, we are now registering a MIME
    application type.  That registration is included in the IANA
    considerations.
  * The constraint X.509 specification has changed
    somewhat based on advice from Tom Gindin.
  * We've included a small number of additional elements in the model,
    mostly around flow/packet directionality.

Comments and edits are very welcome!

Eliot

--- Begin Message ---
A new version of I-D, draft-lear-ietf-netmod-mud-02.txt
has been successfully submitted by Eliot Lear and posted to the
IETF repository.

Name:		draft-lear-ietf-netmod-mud
Revision:	02
Title:		Manufacturer Usage Description Specification
Document date:	2016-06-07
Group:		Individual Submission
Pages:		21
URL:            https://www.ietf.org/internet-drafts/draft-lear-ietf-netmod-mud-02.txt
Status:         https://datatracker.ietf.org/doc/draft-lear-ietf-netmod-mud/
Htmlized:       https://tools.ietf.org/html/draft-lear-ietf-netmod-mud-02
Diff:           https://www.ietf.org/rfcdiff?url2=draft-lear-ietf-netmod-mud-02

Abstract:
   This memo specifies the necessary components to implement
   manufacturer usage descriptions (MUD).  This includes a YANG model,
   IPv4 and IPv6 DHCP options, a URL suffix specification, an X.509
   certificate extension and a means to sign and verify the
   descriptions.

                                                                                  


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


--- End Message ---
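
The CMS detached-signature choice mentioned in the message above can be tried with the OpenSSL command line. This is an added example, not taken from the draft or from the author; the certificate, file names and JSON body are constructed placeholders, and the draft's own signing and verification rules are not reproduced here.

```shell
#!/usr/bin/env bash
# Added example: detached CMS signature over a MUD-style JSON file.
# File names, the subject name and the JSON body are all constructed.
set -eu

workdir=$(mktemp -d)

# Constructed signer: a throwaway self-signed certificate standing in for
# whatever certificate the publisher of a MUD file would sign with.
make_signer() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=mud-signer.example" \
    -keyout "$workdir/key.pem" -out "$workdir/cert.pem" 2>/dev/null
}

# Detached signature: the .p7s holds SignedData without the content, so
# the JSON file is served unchanged and the signature sits beside it.
sign_mud() {   # $1 = file to sign, $2 = signature output (DER)
  openssl cms -sign -binary -outform DER \
    -signer "$workdir/cert.pem" -inkey "$workdir/key.pem" \
    -in "$1" -out "$2"
}

# Verification is handed the content separately (-content), and the signer
# must chain to an anchor the verifier already trusts (-CAfile).
verify_mud() { # $1 = content file, $2 = signature; prints valid or invalid
  if openssl cms -verify -binary -inform DER -in "$2" -content "$1" \
       -CAfile "$workdir/cert.pem" -purpose any -out /dev/null 2>/dev/null
  then echo valid; else echo invalid; fi
}

make_signer
# Constructed placeholder body, not the draft's actual schema.
printf '{"placeholder-mud":{"allow":["tcp/443 to controller.example"]}}\n' \
  > "$workdir/device.json"
sign_mud "$workdir/device.json" "$workdir/device.p7s"

# A policy edited after signing no longer matches the signed digest.
sed 's/443/23/' "$workdir/device.json" > "$workdir/tampered.json"

echo "original: $(verify_mud "$workdir/device.json" "$workdir/device.p7s")"
echo "tampered: $(verify_mud "$workdir/tampered.json" "$workdir/device.p7s")"
```

The `-binary` flag on both sides keeps OpenSSL from rewriting line endings, which would otherwise change the bytes being digested.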