Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud-iot-dns-considerations-05

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 24 January 2023 14:57 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: tirumal reddy <kondtir@gmail.com>, opsawg <opsawg@ietf.org>
In-Reply-To: <CAFpG3gcGRMwQsMHAoKsYYNzrZ=FH=pacGWWJdhiHbNdev6+nsw@mail.gmail.com>
References: <fb4c37ad-870f-c462-c876-e85e38892c57@sit.fraunhofer.de> <CAFpG3ge2-Q1=zCbJud=Xrh8UG-vvomWfid8cJRoJYANgDGAuqQ@mail.gmail.com> <26470.1674407823@localhost> <CAFpG3gcGRMwQsMHAoKsYYNzrZ=FH=pacGWWJdhiHbNdev6+nsw@mail.gmail.com>
Date: Tue, 24 Jan 2023 09:56:58 -0500
Message-ID: <14183.1674572218@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/70tKWWjz-8zVKmKcNFZ-p4E3Gd4>

tirumal reddy <kondtir@gmail.com> wrote:
    > Agreed. My suggestion is to update the text as follows:

    > In TLS 1.3, with or without the use of ECH, a middlebox cannot rely on SNI
    > inspection, because malware could lie about the SNI, and a middlebox not
    > acting as a TLS proxy does not have visibility into the server
    > certificate.

Inserted, at:
   https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-iot-dns-considerations/commit/36538767d4e2ed935bd52ed0f2d19f7bac879bba

    >> Is this still the right reference?  It seems that section 4 is still
    >> correct.
    >>

    > No, you will have to refer to DDR
    > (https://datatracker.ietf.org/doc/draft-ietf-add-ddr/) and DNR
    > (https://datatracker.ietf.org/doc/draft-ietf-add-dnr/).
    > The draft ietf-add-split-horizon-authority is specific to establishing
    > local DNS authority in Split-Horizon Environments. I don't think it is
    > relevant to this document.

I have removed the second sentence/reference, and also the reference to
peterson-doh-dhcp. I think that the existing DNR reference is enough.

https://author-tools.ietf.org/iddiff?url1=draft-ietf-opsawg-mud-iot-dns-considerations-07&url2=draft-ietf-opsawg-mud-iot-dns-considerations-08&difftype=--html

This includes the RFC 9019 fix. Are there any other WGLC comments?



--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
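The point in the inserted text, that SNI is a client-asserted value an enforcement point cannot trust, is easy to show concretely. The following is an added example, not code from the draft, the thread, or its authors. It constructs a TLS 1.3-style ClientHello inline, extracts the server_name extension the way a passive middlebox would, and contrasts a policy that trusts the SNI with one that ignores it and instead checks the destination address against DNS answers the device itself received. The allowed name, the IP addresses and the "DNS answer cache" are hypothetical; how an enforcement point obtains those answers is an assumption of the example, not something this message specifies.

```python
"""Why SNI is not a usable enforcement signal for a MUD-style middlebox.

Added example, not code from the draft or the mailing-list thread.
The ClientHello is constructed inline; names, addresses and the DNS
answer cache are hypothetical.
"""
import struct
from typing import Dict, Optional, Set

TLS_HANDSHAKE = 0x16
HS_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_VERSIONS = 0x002B


def build_client_hello(sni: str) -> bytes:
    """Build a minimal ClientHello record carrying `sni` in server_name.

    Nothing in the handshake authenticates this value: the client (or
    malware on the client) can put any name here.
    """
    host = sni.encode("ascii")
    name_entry = b"\x00" + struct.pack("!H", len(host)) + host
    name_list = struct.pack("!H", len(name_entry)) + name_entry
    sni_ext = struct.pack("!HH", EXT_SERVER_NAME, len(name_list)) + name_list
    sv_body = b"\x02\x03\x04"  # supported_versions: TLS 1.3 only
    sv_ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_body)) + sv_body
    extensions = sni_ext + sv_ext
    body = (
        b"\x03\x03"                               # legacy_version
        + b"\x11" * 32                            # random (constant, for the demo)
        + b"\x00"                                 # legacy_session_id: empty
        + struct.pack("!H", 2) + b"\x13\x01"      # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                             # legacy_compression_methods: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a ClientHello's server_name extension, or None.

    This is exactly what a passive (non-proxying) middlebox can see; in
    TLS 1.3 the server Certificate that follows is encrypted.
    """
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != HS_CLIENT_HELLO:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                  # legacy_version + random
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                          # legacy_session_id
    if pos + 2 > len(body):
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                          # compression methods
    if pos + 2 > len(body):
        return None
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end <= len(body):
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        edata = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype != EXT_SERVER_NAME or len(edata) < 5:
            continue
        name_type = edata[2]                      # after the 2-byte list length
        name_len = struct.unpack("!H", edata[3:5])[0]
        if name_type == 0 and len(edata) >= 5 + name_len:
            return edata[5:5 + name_len].decode("ascii")
    return None


def allowed_by_sni(record: bytes, allowed_names: Set[str]) -> bool:
    """Naive policy: trust whatever name the client asserts in SNI."""
    name = parse_sni(record)
    return name is not None and name in allowed_names


def allowed_by_dns_answers(dst_ip: str, dns_answers: Dict[str, Set[str]],
                           allowed_names: Set[str]) -> bool:
    """Policy that ignores SNI: permit the flow only if dst_ip appeared in a
    DNS answer the device received for an allowed name (assumed to have been
    observed by the enforcement point from the device's own resolver traffic).
    """
    return any(dst_ip in dns_answers.get(name, set()) for name in allowed_names)


def demo() -> Dict[str, object]:
    allowed = {"update.example.com"}                       # hypothetical ACL name
    dns_answers = {"update.example.com": {"192.0.2.10"}}   # hypothetical answers seen
    forged = build_client_hello("update.example.com")      # malware lies in SNI ...
    rogue_ip = "198.51.100.77"                             # ... but connects elsewhere
    return {
        "sni_seen": parse_sni(forged),
        "sni_policy_allows_rogue": allowed_by_sni(forged, allowed),
        "dns_policy_allows_rogue": allowed_by_dns_answers(rogue_ip, dns_answers, allowed),
        "dns_policy_allows_legit": allowed_by_dns_answers("192.0.2.10", dns_answers, allowed),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The SNI-based policy lets the forged flow through because the asserted name is on the allow list, while the address-based policy blocks it because 198.51.100.77 never appeared in a DNS answer the device received for that name. ECH only makes the first approach worse, since the SNI is then not even visible; the second approach is unaffected by it.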