[OPSAWG] (Also Ben Campbell's and Alexey's) Re: Spencer Dawkins' Yes on draft-ietf-opsawg-mud-20: (with COMMENT)
Eliot Lear <lear@cisco.com> Tue, 17 April 2018 06:43 UTC
Return-Path: <lear@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F11812EAEE; Mon, 16 Apr 2018 23:43:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.509
X-Spam-Level:
X-Spam-Status: No, score=-14.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8HHlkDyfuNQo; Mon, 16 Apr 2018 23:43:41 -0700 (PDT)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3075D12EADE; Mon, 16 Apr 2018 23:43:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=28089; q=dns/txt; s=iport; t=1523947420; x=1525157020; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=jfxCcmnvZolDwTz7tLYYPyO+bBD8WAh5W3bt9rq6C3w=; b=m7TgHBK4g+m+pjImkM8VFgM2/Hn61ePHl4mLvcaVRJvx5mL0dGTTRnA4 jsJDcDglDR00DfoQMYanGQwz9LdEaoK3PArPCpkhRepkR+YR7/vQ6p+va k/mjBx1E021Z5ZiYc2uACHS4mp563TswKECXqcH+HOc2br2J0recrJ8eU M=;
X-Files: signature.asc : 488
X-IronPort-AV: E=Sophos;i="5.48,462,1517875200"; d="asc'?scan'208,217";a="3229849"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Apr 2018 06:43:38 +0000
Received: from [10.61.91.30] (ams3-vpn-dhcp6943.cisco.com [10.61.91.30]) by aer-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id w3H6hbl3031810; Tue, 17 Apr 2018 06:43:37 GMT
To: Spencer Dawkins <spencerdawkins.ietf@gmail.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-opsawg-mud@ietf.org, Joe Clarke <jclarke@cisco.com>, opsawg-chairs@ietf.org, opsawg@ietf.org
References: <152390575517.19640.3919526636067910532.idtracker@ietfa.amsl.com>
From: Eliot Lear <lear@cisco.com>
Openpgp: preference=signencrypt
Autocrypt: addr=lear@cisco.com; prefer-encrypt=mutual; keydata= xsBNBFMe1UQBCADdYOS5APDpIpF2ohAxB+nxg1GpAYr8iKwGIb86Wp9NkK5+QwbW9H035clT lpVLciExtN8E3MCTPOIm7aITPlruixAVwlBY3g7U9eRppSw9O2H/7bie2GOnYxqmsw4v1yNZ 9NcMLlD8raY0UcQ5r698c8JD4xUTLqybZXaK2sPeJkxzT+IwupRSQ+vXEvFFGhERQ88zo5Ca Sa1Gw/Rv54oH0Dq2XYkO41rhxQ60BKZLZuQK1d9+1y3I+An3AJeD3AA31fJZD3H8YRKOBgqe ILPILbw1mM7gCtCjfvFCt6AFCwEsjITGx55ceoQ+t5B5XGYJEppMWsIFrwZsfbL+gP31ABEB AAHNJUVsaW90IExlYXIgPGxlYXJAb2Zjb3Vyc2VpbXJpZ2h0LmNvbT7CwHsEEwECACUCGwMG CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJTHtXCAhkBAAoJEIe2a0bZ0nozBNoH/j0Mdnyg CgNNmI4DyL9mGfTJ/+XiTxWXMK4TTszwwn/tsXjyPQWjoO6nYqz5i96ItmSpkelSGVpzU+LK LQxSjFeUvKw23bp1rVecfGR+OENSE1m6KfFj3vtzQOZ2/FgK210MWnlYNNyAHX6Pf6hKInTP v6LbZiAQMCmf0aPvRbk/aPSNJAuIKrLrrCgAlwelrTavFsSwnKI3dhSG8DJ9+z/uiXDiHYra Ub3BKp5K/x71Zd8hUsWm2simnE/6HvZaZz7CC29JSZ/5gGtNB3OMNKLzLWUbQacF3IKxpW66 ZFYFYnlBV4jRnKlmb40YcEXWVJkkVC8g+/J9Qo6R8BdmSTXOwE0EUx7VRAEIALRZXth1u/3n FgY+G2FN0KEEik+2Xsk8JX9zr/eISa+Ol8a4U1orgxpyP2V7bQQDkDUEfs+Asagc6I8zrk3K xGln3pFFVfdM18uaEYwWvmE84Y12r7FwYdW62bA9X1Ttsp5Q1GI8XHdh0SQTF12pXYTwWW1P THYVIp7bGzM88cHqBW0xyRflu4j2nUrd9tWFd28SRxhj+MHQkQkbKFLloRty3lwdS8MCRPzX 9gUrkl+DxFHC7WrW3Vi4glI5YBlD0n2hSyDoP1GkKVT60gUGh7eJOnUBR8lzKm5wYqAtgq2m 79rKBylA40diRhbnTTeY+ytqMWFF5UXm97Jwxsezi7kAEQEAAcLAXwQYAQIACQUCUx7VRAIb DAAKCRCHtmtG2dJ6M5K5CADbunatgHsqHbR3KbpXxzralakEcdODGv/fbN6/EdKJeXrG9QKD lPxZTB9STw6+ANwESsr9uUMAxdDNKDeynjnQmFHxGdcdcXlnPZPThfseeUhUkbB/YKOfDIQA kKozNoKYj6Dcia+D/wvifIEW+GUUcO/6Qi8yK6PLJyM8C7vHEqmUGzX8gTCYOgAyOd4WZrC9 95CfB0yFIorw+MpK7MZTm5SbGPcYF9Gq9MzSqmaEw8U6YOElKYfnkcsCTLYyWaolhck+3/0R 9ISEWK5rUzqAuK40S4+Sn7yNycdCoqvQh4e3xSpzAu3aYZ8jKXQVV0X2G9Y+M1HMZuCqhPUO LTdF
Message-ID: <4218241e-f2d6-ad81-34df-0e538510c70b@cisco.com>
Date: Tue, 17 Apr 2018 08:43:36 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <152390575517.19640.3919526636067910532.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="2suv3lMZbqwbOnpveteNBpUC35wA3t0Qj"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/7E9xtdqCiz59fYH91wjMYNOkvuE>
Subject: [OPSAWG] (Also Ben Campbell's and Alexey's) Re: Spencer Dawkins' Yes on draft-ietf-opsawg-mud-20: (with COMMENT)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2018 06:43:45 -0000
Responding to Spencer, Ben, and Alexy (in order). On 16.04.18 21:09, Spencer Dawkins wrote: > Spencer Dawkins has entered the following ballot position for > draft-ietf-opsawg-mud-20: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-opsawg-mud/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I'm a Yes who's watching Discussions with other ADs, but that's still a Yes. > Thanks for doing this work. > > I do have some questions and comments. > > I don't think this requires any changes to the current document, but I note that > > 3.15. direction-initiated > > When applied this matches packets when the flow was initiated in the > corresponding direction. [RFC6092] specifies IPv6 guidance best > practices. While that document is scoped specifically to IPv6, its > contents are applicable for IPv4 as well. When this flag is set, and > the system has no reason to believe a flow has been initiated it MUST > drop the packet. This node may be implemented in its simplest form > by looking at naked SYN bits, but may also be implemented through > more stateful mechanisms. > > it's not clear that "looking at naked SYN bits" will have an analogy in HTTP/2 > over QUIC, and I'm a bit suspicious of "may also be implemented through more > stateful mechanisms" in 2018. Do the right thing, of course. I proposed a clarification: direction initiated is a TCP element. > > Does > > 3.5. is-supported > > This boolean is an indication from the manufacturer to the network > administrator as to whether or not the Thing is supported. In this > context a Thing is said to not be supported if the manufacturer > intends never to issue an update to the Thing or never update the MUD > file. A MUD controller MAY still periodically check for updates. > > ever mean anything except "is-updated"? Mostly that what it means, but the implication is that there's no support, and enterprise administrators in particular might want to know that (usually they do- because those devices represent a particular risk). > "Supported" covers a lot of ground … > > If a manufacturer sells off one product line (so, flobbidy.example.com covered > multiple product lines, but now flobbidy.example.com/mark1/lightbulb will be > maintained by a manufacturer that isn't flobbidy.example.com), is there a good > plan for what comes next? I'm not sure what happens to is-supported, for > instance. The intent is that the entity providing the MUD file (probably the manufacturer) will not be issuing software/firmware updates or MUD file updates. But your point is more about device lifecycle, and that's a more interesting question than just "is-supported". Steve Rich and Thorsten Dahm have begun to delve in that direction. There are at least a few possibilities, such as the use of redirects, or even domain names that are used for particular classes of devices, or even common repos. More work needed. > > I'm sensitive to Eliot's "walk before trying to run" comment on another ballot > thread, but I'm thinking that > > 3.11. model > > This string matches the entire MUD URL, thus covering the model that > is unique within the context of the authority. It may contain not > only model information, but versioning information as well, and any > other information that the manufacturer wishes to add. The intended > use is for devices of this precise class to match, to permit or deny > communication between one another. > > might usefully result in a BCP about naming models, after the community has > some experience with MUD. So, that's not intended to affect the current draft > text, only the working group that produced it ;-) > > And, double ;-) ;-) but I wrote that before I saw this text in Section 14: > > A caution about some of the classes: admission of a Thing into the > "manufacturer" and "same-manufacturer" class may have impact on > access of other Things. Put another way, the admission may grow the > access-list on switches connected to other Things, depending on how > access is managed. Some care should be given on managing that > access-list growth. Alternative methods such as additional network > segmentation can be used to keep that growth within reason. > > So, when people know enough to describe best practices, I hope they do. > Thanks, Spencer. We're just getting going. Now to Ben: > §1.6, 2nd paragraph: Why is the SHOULD not a MUST? Because at this stage there is only one encoding and no source of confusion as to what is returned, and the people implementing this stuff are getting their feet wet. If they're using a service that simply doesn't include the right Accept: header, and the right thing can still happen, let's let that happen. > > §1.8, 4th paragraph: "The web server is typically run by or on behalf of the > manufacturer. > Its domain name is that of the authority found in the MUD URL. " > > These URLS are likely to be hardcoded, correct? This seems to point to > operational considerations, especially around Thing lifecycle and ownership. Indeed. It's captured in Security Considerations, but we can place a forward pointer there. > > Editorial/Nits: > > Abstract: I'm not sure the use of the term "Things" will be obvious to a reader > of the abstract in isolation from the rest of the document. (Abstracts should > be able to stand alone.) EKR beat you to it. Change proposed. > > §1.1 : first paragraph: The idea that a Thing might have highly restricted > communication patterns seems core to the document. It would be helpful to > mention that earlier in §1. I think EKR beat you to this one as well ;-). Change proposed. > §1.3, definition of "Manufacturer": The definition says that "Manufacturer" may > not necessarily be the entity that constructed the Thing. But that's the plain > English meaning of the word "manufacturer". If you don't want it to mean that, > please consider choosing a different term. ( for example, "authority") This one's harder to change, and authority has its own ambiguities. > > §1.4: "... we assume that a device has so few > capabilities that it will implement the least necessary capabilities > to function properly." > > That's a bit circular. Perhaps one of the two instances of "capabilities" > should have been "requirements"? How about: > In seeking a general > solution, however, we assume that a device will implement > functionality necessary to fulfill its limited purpose. > > §1.8 4th paragraph: The 2nd (and last) sentence is a comma splice, and > otherwise difficult to parse. That is a mouthful. Propose: > The web server is typically run by or on behalf of the manufacturer. > Its domain name is that of the authority found in the MUD URL. For > legacy cases where Things cannot emit a URL, if the switch is able to > determine the appropriate URL, it may proxy it. In the trivial case > it may hardcode MUD-URL on a switch port or a map from some > available identifier such as an L2 address or certificate hash to a > MUD-URL. > > §1.9, list item 7: are we talking about transient disconnect or permanent > removal? Could be either. The only difference between the two is that at some point someone has to CRUD the thing out of a database somewhere. > > §2: "A MUD file consists of a YANG model ..." > A model instance, right? That is, not the model itself? Indeed. > > §3.8, 2nd sentence: Consider reformulating this as a construction of MUST. I think that's fair, and propose to change it to the following: > Note that MUD extensions MUST NOT be used in a MUD file without > the extensions being declared. Implementations MUST ignore any node > in this file that they do not understand. > > §4: The idea of a "default" in bullet 2 seems in tension with the idea of > "Anything not explicitly permitted is forbidden" in bullet 1. Maybe so, but the intent here is that a great many devices are going to be making use of DNS and NTP, and that not listing them in a MUD file is more likely to lead to mistakes, rather than accidentally listing them. > > §14: Please define the concept of "east-west infection". > Propose "lateral infection" with a parenthetical definition. On to Alexey: > 16.4. MIME Media-type Registration for MUD files > > The following media-type is defined for transfer of MUD file: > > o Type name: application > o Subtype name: mud+json > o Required parameters: n/a > o Optional parameters: n/a > o Encoding considerations: 8bit; application/mud+json values > are represented as a JSON object; UTF-8 encoding SHOULD be > employed. > > I am tempted to say "MUST be UTF-8 encoded". In this day and age I think that sounds correct. I personally have no objections. > > o Security considerations: See Security Considerations > of this document. > o Interoperability considerations: n/a > o Published specification: this document > > Nit: IANA Media Type registration templates need to have fully qualified > references. Use "[RFCXXXX]" instead of "this document" here, so that when the > RFC is published, the registration template can be posted to IANA website and > will have correct reference. Ok > > o Applications that use this media type: MUD controllers as > specified by this document. > > As above. Ok > > o Fragment identifier considerations: n/a > o Additional information: > > Magic number(s): n/a > File extension(s): n/a > Macintosh file type code(s): n/a > > o Person & email address to contact for further information: > Eliot Lear <lear@cisco.com>, Ralph Droms <rdroms@cisco.com> > > I think Ralph's address is wrong in 2 places. Corrected. > > o Intended usage: COMMON > o Restrictions on usage: none > o Author: > Eliot Lear <lear@cisco.com> > Ralph Droms <rdroms@cisco.com> > o Change controller: IESG > o Provisional registration? (standards tree only): No. > > UTF-8 needs to be a Normative reference (RFC 3629). > Ok. Thanks, all. Eliot
- [OPSAWG] Spencer Dawkins' Yes on draft-ietf-opsaw… Spencer Dawkins
- [OPSAWG] (Also Ben Campbell's and Alexey's) Re: S… Eliot Lear
- Re: [OPSAWG] (Also Ben Campbell's and Alexey's) R… Spencer Dawkins at IETF
- Re: [OPSAWG] (Also Ben Campbell's and Alexey's) R… Eliot Lear