Re: [OPSAWG] AD review of draft-ietf-opsawg-mud-acceptable-urls-09

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 12 February 2024 14:36 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Rob Wilton (rwilton)" <rwilton@cisco.com>
cc: "draft-ietf-opsawg-mud-acceptable-urls.all@ietf.org" <draft-ietf-opsawg-mud-acceptable-urls.all@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>, Mahesh Jethanandani <mjethanandani@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/UtZc7809BjDE0PAXBCV-Ky7ZNIg>

I had to go full on gmail/html to actually see what your comments were.
Readers in the archive might be lost, and I hope my reply highlights all of
your comments.

Rob Wilton (rwilton) <rwilton@cisco.com> wrote:
    >> Perhaps change: This is contrasted with ... => This contrasts this
    >> with an alternative situation where the vehicle is parked at, for
    >> instance, a remote cabin, where an upgrade failure could cause a much
    >> greater inconvenience.

    mcr> Changed to:

    mcr> } A vehicle owner may desire only to perform software upgrades when they are
    mcr> } at their residence.  Should there be a problem, they could make alternate
    mcr> } arrangements for transportation.
    mcr> } This contrasts with an alternative situation where the vehicle is parked
    mcr> } at, for instance, a remote cabin, where an upgrade failure could cause a much
    mcr> } greater inconvenience.

    mcr> It's sad that this is no longer a hypothetical situation :-(

    RW> Thanks.  I’ve noticed that my proposed text uses where … where.
    RW> Hence, I suggest changing the second one to “and where”.

Added "and where an upgrade failure..."

    >> (14) p 5, sec 4.1.  Leveraging the manufacturer signature The trust
    >> and acceptance of the first signer may come from many sources, for
    >> example, it could be manual configured to trust which signer, or using
    >> the IDevID mechanism for the first MUD URL and the signer of the
    >> corresponding MUD file is more trustworthy, or the MUD controller can
    >> use a Trust on First Use (TOFU) mechanism and trusts the first signer
    >> by default.

    >> "... manual configured to trust which signer" doesn't scan well.
    >> Perhaps something like "... manually configured to trust particular
    >> signers, or, as a more trustworthy approach, use the IDevID mechanism
    >> for the first MUD URL and as the signed of the corresponding MUD file,
    >> "?

    mcr> I've rewritten it slightly.  I think that the signer can only be TOFU
    mcr> if the URL came from a trusted source, such as IDevID.  But, a URL
    mcr> that came from an untrusted source could be acceptable if the signer
    mcr> is from a configured trust anchor.
    mcr> https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-acceptable-urls/commit/7841c7c

    RW> Okay, but please tweak “The first signature be Trust” to “The first
    RW> signature could be Trust” in the last changed sentence.

now reads:

} The trust and acceptance of the first signer may come from many sources.
} The first signature could be from a manually configured trust anchor in the MUD controller.
} The first signature could be Trust on First Use (TOFU), with the URL coming
} from a trusted IDevID certificate.

    >> Grammar warnings from tooling:

    >> Grammar Warnings: Section: 3.1, draft text: It is probably undesirable
    >> to perform any upgrade to an airplane outside of its service facility.
    >> Warning: This phrase is redundant. Consider using outside.  Suggested
    >> change: "outside"

    mcr> I don't get this suggestion.

    RW> The suggestion is to use “outside the
    RW> service facility” rather than “outside of …”  Thanks, Rob

Now reads:

} It is probably undesirable to perform any upgrade to an airplane outside the service facility.

As the changes are really minor I will post a new version when I receive
those DISCUSS comments.


-- 
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide