[OPSAWG] ietf-opsawg-mud-iot-dns-considerations-02 -- comments from IETF111 meeting
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 25 October 2021 21:01 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17A893A08B0 for <opsawg@ietfa.amsl.com>; Mon, 25 Oct 2021 14:01:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8V1ALKsrKzvR for <opsawg@ietfa.amsl.com>; Mon, 25 Oct 2021 14:01:01 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB2BF3A086D for <opsawg@ietf.org>; Mon, 25 Oct 2021 14:00:45 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 5847718222 for <opsawg@ietf.org>; Mon, 25 Oct 2021 17:01:42 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id I1lxB-u9vlI3 for <opsawg@ietf.org>; Mon, 25 Oct 2021 17:01:41 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id AD8DF18039 for <opsawg@ietf.org>; Mon, 25 Oct 2021 17:01:41 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 99D3D5B for <opsawg@ietf.org>; Mon, 25 Oct 2021 17:00:41 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
to: opsawg@ietf.org
In-Reply-To: <6c1f0b50-9242-189e-7cb9-24c9dbbc0940@sandelman.ca>
References: <162604928175.19426.14738124348336323538@ietfa.amsl.com> <6c1f0b50-9242-189e-7cb9-24c9dbbc0940@sandelman.ca>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Mon, 25 Oct 2021 17:00:41 -0400
Message-ID: <16676.1635195641@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/GsHmUEskGJXSZR5RsMKlDVpEpEc>
Subject: [OPSAWG] ietf-opsawg-mud-iot-dns-considerations-02 -- comments from IETF111 meeting
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Oct 2021 21:01:06 -0000
Michael Richardson <mcr+ietf@sandelman.ca> wrote: > On 2021-07-11 8:21 p.m., internet-drafts@ietf.org wrote: >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. This draft is a work item of the Operations and >> Management Area Working Group WG of the IETF. >> >> Title : Operational Considerations for use of DNS in IoT devices >> Authors : Michael Richardson Wei Pan > Hi, I was reviewing this document to determine what, if any, update I > needed to make before today's ID deadline. We talked about this > document at IETF111, my presentation is at: > https://datatracker.ietf.org/meeting/111/materials/slides-111-opsawg-operational-considerations-for-use-of-dns-in-iot-devices-00 > The video for this document from IETF111 is at: > https://youtu.be/wKHtWF- CdxY?t=4407 ... > My recommendation is that we simply advise that manufacturers just > shouldn't do geofenced things in MUD files. There is has been no > discussion, but also no discussion about this. I would appreciate > someone to disagree with me here. Eliot's push back was that somehow the local MUD controller environment needs to fix this. I went back again to the video and listened to Eliot's words: 1) DNSOP may not like some of the things that actually get done to deal with this. 2) One of the things that get done is that queries can be intercepted in the network, and then one deals with the response, and record that. 3) one manages things ... be conservative about cache time outs. 4) What's important for the client (the device), is that if the connection breaks then they retry the query, and not just the attempt to the same address. 5) the other issue (discussed on list), if there is more complete integration between the nameserver and the access control function in the network, then this issue is obviated. MCR: all of this is good suggestion, breaks for DNS over HTTPS. Once of the advice is that they really shouldn't do that. Eliot agrees with this point. I think that in the document posted that it says this already. -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- [OPSAWG] I-D Action: draft-ietf-opsawg-mud-iot-dn… internet-drafts
- Re: [OPSAWG] I-D Action: draft-ietf-opsawg-mud-io… Michael Richardson
- [OPSAWG] ietf-opsawg-mud-iot-dns-considerations-0… Michael Richardson