Re: [OPSAWG] [Mud] changes to draft-richardson-opsawg-mud-iot-dns-considerations-03.txt

"Bentley, Taylor (IC)" <taylor.bentley@canada.ca> Thu, 24 September 2020 16:46 UTC


Hi Michael, all,

Fantastic (continued) work! It's a pleasure to continue following in a more-or-less personal capacity. In this same role I am following preparations for the annual global Internet Governance Forum (IGF) and Canadian Internet Governance Forum (CIGF). This includes following the intersessional efforts of the global IGF's 'Best Practice Forum on Data and New Technologies.' They are seeking input on issues that Michael's/CIRALabs work and these guidelines for IoT manufacturers seem to align with. I recommend we connect the dots on these two efforts (and indeed, I have gone ahead and done so), and perhaps we can highlight some great work in I* organizations in the work of the IGF BPF?

Thanks,

Taylor R.W. Bentley
Telecommunications and Internet Policy Specialist
Innovation, Science and Economic Development Canada / Government of Canada
taylor.bentley@canada.ca / Tel: 613-292-9998 / TTY: 1-866-694-8389
Spécialiste des politiques de télécommunications et d'Internet
Innovation, Sciences et Développement économique Canada / Gouvernement du Canada
taylor.bentley@canada.ca / Tél. : 613-292-9998 / ATS : 1-866-694-8389

P.S.
Here's the callout from the UNSec support (truly exceptional individuals) for the BPF:

Dear All,

The BPF Data and New Technologies is collecting examples of how stakeholders address the challenges related to collecting and using users' data. The case studies will feed into the BPF's discussions and its workshop as part of the IGF 2020 intersessional work and the virtual IGF2020 meeting in November.

The BPF is interested in examples of:
• applications (deployed or under development) that use users' data to provide benefit to the user, and the measures that should prevent the collected data from being used to harm the users.
• frameworks, guidelines, and policies that address challenges and aim to ensure that users whose data is being collected and used can benefit from their data and do not risk being harmed.

The BPF is interested in case studies that are related as well as unrelated to the COVID-19 pandemic.

Details on the call for contributions can be found here: https://www.intgovforum.org/multilingual/content/bpf-data-new-technologies-case-studies

We would appreciate receiving your case study by the end of this week - Friday 25 September.

In preparation for the call for contributions, the BPF discussed what could be potential issues and put them together in a 'Data and New Technologies Issues card'. The issues card can help with putting together a case study.

For more information, please check the BPF Data and New Technologies webpage.

Kind Regards

The BPF Data and New Technologies coordinating team,
Titti, Emanuela, Wim

-----Original Message-----
From: Mud <mud-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: September 24, 2020 11:20 AM
To: opsawg@ietf.org; mud@ietf.org
Subject: [Mud] changes to draft-richardson-opsawg-mud-iot-dns-considerations-03.txt


Another thread is active at: https://mailarchive.ietf.org/arch/msg/opsawg/04UY5rDs_ojh97_edY-a4xBPZT4

I meant to wait to post this email until there had been some discussion about the acceptable-urls document.

From 2018 onwards I have been working with CIRALabs on an IoT security system for home gateways.  The first two revisions of the effort were very much MUD focused, and this document was written to capture my experiences with DNS lookups vs MUD names in MUD files.

This document was presented at the IETF107 virtual interim meeting in April.
The slides are at: https://www.ietf.org/proceedings/interim-2020-opsawg-01/slides/slides-interim-2020-opsawg-01-sessa-operational-considerations-for-use-of-dns-in-iot-devices-wslide-numbers-00

As a big part of the advice is to use the local resolver, whether via Do53, DoT or DoH, it was suggested that this advice might be better given by the Adaptive DNS Discovery (ADD).

Perhaps that made more sense when it was the Applications Doing DNS BOF though.
A number of discussions about this document over the summer with the ADD chairs revealed that the document does not belong in the ADD WG.

The -03 version contains mostly minor editorial changes.
I've decided that, even as a BCP, it seems to still be using BCP14 language, and so should include the boilerplate.

I would like the OPSAWG to consider adopting this MUD related document.
It makes no bits-on-the-wire changes to MUD, nor semantic changes (like my other document); rather, this is guidance to IoT manufacturers.


Name:           draft-richardson-opsawg-mud-iot-dns-considerations
Revision:       03
Title:          Operational Considerations for use of DNS in IoT devices
Document date:  2020-09-22
Group:          Individual Submission
Pages:          13
URL:            https://www.ietf.org/id/draft-richardson-opsawg-mud-iot-dns-considerations-03.txt
Status:         https://datatracker.ietf.org/doc/draft-richardson-opsawg-mud-iot-dns-considerations/
Html:           https://www.ietf.org/id/draft-richardson-opsawg-mud-iot-dns-considerations-03.html
Htmlized:       https://tools.ietf.org/html/draft-richardson-opsawg-mud-iot-dns-considerations-03
Diff:           https://www.ietf.org/rfcdiff?url2=draft-richardson-opsawg-mud-iot-dns-considerations-03

Abstract:
   This document details concerns about how Internet of Things devices
   use IP addresses and DNS names.  The issue becomes acute as network
   operators begin deploying RFC8520 Manufacturer Usage Description
   (MUD) definitions to control device access.

   This document explains the problem through a series of examples of
   what can go wrong, and then provides some advice on how a device
   manufacturer can best deal with these issues.  The
   recommendations have an impact upon device and network protocol
   design.

   {RFC-EDITOR, please remove.  Markdown and issue tracker for this
   document is at https://github.com/mcr/iot-mud-dns-considerations.git
   }

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide