Re: [OPSAWG] Paul Wouters' Discuss on draft-ietf-opsawg-mud-iot-dns-considerations-12: (with DISCUSS and COMMENT)

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 07 March 2024 22:18 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Paul Wouters <paul.wouters@aiven.io>
cc: The IESG <iesg@ietf.org>, opsawg@ietf.org, opsawg-chairs@ietf.org, draft-ietf-opsawg-mud-iot-dns-considerations@ietf.org
In-Reply-To: <170965396439.28583.6698377789672832906@ietfa.amsl.com>
References: <170965396439.28583.6698377789672832906@ietfa.amsl.com>
Date: Thu, 07 Mar 2024 17:18:17 -0500
Message-ID: <6148.1709849897@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/-E-MTYN3Uqik4hW9Hsd5y4LpuO0>

Paul Wouters via Datatracker <noreply@ietf.org> wrote:
    > I unfortunately find this document very hard to understand. Overall, I think it
    > would do better to split out the use cases. It seems to conflate or mix three
    > distinct use cases: 1) A CPE with firewall+MUD-controller and an IoT MUD
    > client, 2) A CPE with firewall with separate MUD controller and IoT MUD client,
    > 3) An IoT device and a centralized enterprise MUD controller and centralized
    > enterprise firewalling. This then gets more complicated due to
    > different

There are many ways to deploy IoT devices, but this document is not about any
of the use cases for deploying IoT devices.

This document is about what IoT devices themselves do (or other special-purpose
devices), and the MUD files that explain what kinds of limited access the
devices themselves need.

The abstract says:
  This document details concerns about how Internet of Things (IoT) devices use IP
  addresses and DNS names.

There are many environments in which IoT devices might find themselves, and
the document explains some ways in which MUD might be enforced.  It does that
so that manufacturers will understand the restrictions of the environments
in which they might find themselves.

But it does not at any point attempt to make any of those methods definitive,
or to say how to make them work.

So I really have no idea how to respond to your DISCUSS.
It's all about some different document as far as I can tell.

More IESG members seem to have read your DISCUSS comments rather than the
abstract of the document, so clearly the document needs to be rewritten.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide