Re: [OPSAWG] [secdir] Secdir early review of draft-ietf-opsawg-mud-iot-dns-considerations-03
Michael Richardson <mcr+ietf@sandelman.ca> Mon, 28 March 2022 22:18 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Ben Schwartz <bemasc@google.com>, opsawg <opsawg@ietf.org>, mud@ietf.org
Date: Mon, 28 Mar 2022 18:18:41 -0400
Message-ID: <113677.1648505921@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/RDTkiXOCKjnKQt-wqpbRxw2cz60>

Ben Schwartz <bemasc@google.com> wrote:
> Local SOCKS5 proxies are conventionally discovered via WPAD [1], which
> returns a PAC file [2]. I'm no great fan of WPAD, but it is widely
> implemented in browsers and OSes.

Yeah, that's not going to fly.

} [1] https://datatracker.ietf.org/doc/html/draft-ietf-wrec-wpad-01

1) draft-ietf-wrec-wpad is a 22-year-old ID which specifies use of a
   private-use DHCP option (252). While one thinks one can get away with an
   SRV entry, that requires local DNS to be working, which is exactly the
   kind of thing that IoT manufacturers are having trouble relying upon.
   (Yes, if a MUD controller is present, we can expect local DNS to be more
   reliable, but it is exactly in the opposite case that there is concern.)

2) Once you find the CFile, according to the URL you dug up (Thank you. The
   link in the 22-year-old ID is long dead.)

> https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file

The PAC file is JavaScript?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
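
What consuming the PAC file discussed above demands of a client, as an added example that is not part of the original message or the thread: the file has to be executed as JavaScript, and the host must supply helpers such as dnsResolve, which again depends on working DNS. The PAC contents, the proxy name and the `resolver` callback are constructed for illustration.

```javascript
// Constructed sample PAC file (not from the thread); proxy.example.net is a placeholder.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || shExpMatch(host, "*.local")) return "DIRECT";
  if (isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0")) return "DIRECT";
  return "SOCKS5 proxy.example.net:1080; DIRECT";
}`;

// Dotted-quad IPv4 address -> unsigned 32-bit integer.
function ipv4ToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

// Translate a PAC shell glob (* and ?) into an anchored RegExp.
function globToRegExp(pat) {
  const escaped = pat.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
}

// Helpers the PAC script expects its host environment to define.
// `resolver` is a hypothetical synchronous name -> IPv4 lookup (null on failure).
function pacHelpers(resolver) {
  const masked = (ip, mask) => (ipv4ToInt(ip) & ipv4ToInt(mask)) >>> 0;
  return {
    isPlainHostName: (host) => !host.includes("."),
    shExpMatch: (str, pat) => globToRegExp(pat).test(str),
    dnsResolve: (host) => resolver(host),
    isInNet: (ip, net, mask) => ip != null && masked(ip, mask) === masked(net, mask),
  };
}

// Split "SOCKS5 host:port; DIRECT" into an ordered list of directives.
function parseDirectives(result) {
  return result.split(";").map((s) => s.trim()).filter(Boolean).map((entry) => {
    const [type, hostport] = entry.split(/\s+/);
    return hostport ? { type, hostport } : { type };
  });
}

// Run the PAC text and return the proxy directives for `url`.
// new Function executes the file as code with no isolation; a real client
// needs a sandboxed JavaScript engine to evaluate a network-supplied PAC file.
function evaluatePac(pacText, url, resolver) {
  const helpers = pacHelpers(resolver);
  const names = Object.keys(helpers);
  const load = new Function(...names, pacText + "\nreturn FindProxyForURL;");
  const find = load(...names.map((n) => helpers[n]));
  return parseDirectives(find(url, new URL(url).hostname));
}
```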