Re: [OPSAWG] Comments on draft-lear-ietf-netmod-mud-02

Eliot Lear <elear@cisco.com> Fri, 10 June 2016 17:03 UTC

To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Cullen Jennings <fluffy@iii.ca>, "opsawg@ietf.org" <opsawg@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>
References: <20160610154838.18296913.36394.73505@ll.mit.edu>
From: Eliot Lear <elear@cisco.com>
Message-ID: <d40842ae-be86-b01c-0aed-1187c7113c6a@cisco.com>
Date: Fri, 10 Jun 2016 19:03:51 +0200
In-Reply-To: <20160610154838.18296913.36394.73505@ll.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/A8RuiMymrJqvd2E8ldfO8kALE20>
Subject: Re: [OPSAWG] Comments on draft-lear-ietf-netmod-mud-02

Hi Uri,

On 6/10/16 5:48 PM, Blumenthal, Uri - 0553 - MITLL wrote:
> Canonicalization is the way to avoid file content being mangled or represented differently by different (software) entities that try to create or verify digital signature over it. It doesn't matter if your file is binary or not. And CMS by itself won't save you either. This problem (ensuring there is only one way to represent the contents of the file in question) is what you need to show that you solved.

I totally get it.  From a MIME perspective it'll be something like
application/mud+json, encoded in UTF-8, and transported accordingly
(HTTPS is 8-bit clean).  This is not going to be our problem.

Eliot
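The canonicalization point raised in this exchange (one byte representation of the file before a signature or hash is computed or verified), as an added Python example that is not part of the thread: the same small JSON object is serialized two ways, the raw digests differ, and a simple canonical form (sorted keys, no insignificant whitespace, UTF-8 output) makes them agree. The sample keys and the canonical form are assumptions chosen for the illustration, not anything the draft specifies.

```python
import hashlib
import json

# Constructed sample: one JSON object emitted by two different serializers.
# Both are valid JSON for the same object, but they differ byte-for-byte:
# key order, whitespace, and a non-ASCII character (raw UTF-8 vs \u escape).
VARIANT_A = '{"version": 1, "device": "Thermostat-\u00e9", "acl": ["dns", "ntp"]}'
VARIANT_B = '{\n  "acl": ["dns", "ntp"],\n  "device": "Thermostat-\\u00e9",\n  "version": 1\n}'


def sha256_hex(data: bytes) -> str:
    """Digest of exactly the bytes given; stands in for the signed content."""
    return hashlib.sha256(data).hexdigest()


def same_object(a: str, b: str) -> bool:
    """True when both texts parse to the same JSON value."""
    return json.loads(a) == json.loads(b)


def canonicalize(text: str) -> bytes:
    """Parse and re-emit in one fixed form (assumption for this example):
    keys sorted, no insignificant whitespace, non-ASCII kept as UTF-8 bytes
    instead of \\u escapes. Any serializer variant of the same object maps
    to these exact bytes, so signer and verifier hash the same input."""
    obj = json.loads(text)
    canonical = json.dumps(obj, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False)
    return canonical.encode("utf-8")


def raw_digests_differ(a: str, b: str) -> bool:
    """Hashing the transported bytes as-is: equal content, unequal digests."""
    return sha256_hex(a.encode("utf-8")) != sha256_hex(b.encode("utf-8"))


def canonical_digest(text: str) -> str:
    """What a signer would sign and a verifier would recompute."""
    return sha256_hex(canonicalize(text))


if __name__ == "__main__":
    print("same object:      ", same_object(VARIANT_A, VARIANT_B))
    print("raw digests differ:", raw_digests_differ(VARIANT_A, VARIANT_B))
    print("canonical A:", canonical_digest(VARIANT_A))
    print("canonical B:", canonical_digest(VARIANT_B))
```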