Re: [OPSAWG] CALL FOR ADOPTION: draft-reddy-opsawg-mud-tls

"Joe Clarke (jclarke)" <jclarke@cisco.com> Tue, 22 September 2020 13:15 UTC

Return-Path: <jclarke@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B1D13A16A0 for <opsawg@ietfa.amsl.com>; Tue, 22 Sep 2020 06:15:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.62
X-Spam-Level:
X-Spam-Status: No, score=-9.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=cL/qQ0O7; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=u+O8LaZj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m7UtMhAavd54 for <opsawg@ietfa.amsl.com>; Tue, 22 Sep 2020 06:15:27 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C2833A0DE0 for <opsawg@ietf.org>; Tue, 22 Sep 2020 06:15:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2662; q=dns/txt; s=iport; t=1600780527; x=1601990127; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=1CYWyr3DRdsiZ3a6431txFNChuWCHL0huzaBTFUFa/o=; b=cL/qQ0O7xLEbqE2NORd3KbS9lMd01Xy9e0ELEO3xaI5LWjaQenDzbAk9 tT3vgL2xorZVPkpH2pvclfDjXJebRvyMByjyZCuqfhz3xfQuNr0E6eOpw zGpyiUUmkFdTf/Y7CGwMY+gaErlnGXyFAhPYV8REcdGZ3akKbi1W1xOvS s=;
IronPort-PHdr: =?us-ascii?q?9a23=3Aud06SxACgm47m6GobQerUyQJPHJ1sqjoPgMT9p?= =?us-ascii?q?ssgq5PdaLm5Zn5IUjD/qw30A3FWIzB4LRFhvbY9af6Vj9I7ZWAtSUEd5pBH1?= =?us-ascii?q?8AhN4NlgMtSMiCFQXgLfHsYiB7eaYKVFJs83yhd0QAHsH4ag7ep3So5ngTFw?= =?us-ascii?q?nxcw1vKbe9Fovblc/i0ee09tXaaBlJgzzoZ7R0IV22oAzdu9NQj5FlL/M6yw?= =?us-ascii?q?DCpT1DfOEFyA=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BmAwCJ+Glf/4kNJK1fHAEBAQEBAQc?= =?us-ascii?q?BARIBAQQEAQFAgT4EAQELAYFRIy4HcFkvLAqEMINGA415mHWCUwNVCwEBAQ0?= =?us-ascii?q?BARgLCgIEAQGBVoIxRAIXgg4CJDcGDgIDAQELAQEFAQEBAgEGBG2FXAyFcgE?= =?us-ascii?q?BAQECAQEBEAsGEQwBASwLAQQLAgEIGAICJgICAiULFRACBA4FIoMEAYJLAw4?= =?us-ascii?q?gAQ6qCwKBOYhhdoEygwEBAQWCS4JoGIIQAwaBDioBgnCCXBI5QoZSG4FBP4E?= =?us-ascii?q?4HIJNPoJcAQECgVwBgxczgi2TNZJ1kQsKgmeaTgMfgwyJeZN+rk5Qg1wCBAI?= =?us-ascii?q?EBQIOAQEFgWokgVdwFTsqAYI+PhIXAg1WjUkMF4NOhRSFQnQCNQIGAQkBAQM?= =?us-ascii?q?JfIxSATFfAQE?=
X-IronPort-AV: E=Sophos;i="5.77,290,1596499200"; d="scan'208";a="818617325"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Sep 2020 13:15:24 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 08MDFO5q016439 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 22 Sep 2020 13:15:24 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 22 Sep 2020 08:15:23 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 22 Sep 2020 09:15:23 -0400
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 22 Sep 2020 08:15:23 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fpWgzVbSwPF2A6ba+mYdwj8uze0ll9I/tHIJDO144nb+Nv6ipkxCGMLy6H3eYu1yOls6+ctUI7jFzcvbDUVwPq9K3qXx/foKBnQTa/l+vK1g5beJ+A19O8pRzvJgXTkUGjg06awwUEXyyVL20bBXX8g0rfXhZrJfsBP676sIJz+hmxwYpaOB/sL+Bck41c2mh8HM+6Yu4oj/9tDU//N73mvXBNbCrOCoQUO5QNL4cC3bp+2EbqeZUcG5+7cYWe69ZPOX1SpdYcRhMd3Db1v/LYalk94zetVdTNHsT4xLPZQUcvvLhFWUvM9HnfsgW2Ns4AqcpK91DHaX8lckwQwk6g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1CYWyr3DRdsiZ3a6431txFNChuWCHL0huzaBTFUFa/o=; b=CceRt6TXg57DbEXgDvYSnGqbXeJcuucf92wFhVtuf6kZ4BAcQD/EVINvkxV0pyBby+0fanORu96kwp959hyMcQOiFi220GSOfzKjGM+yi/UqBCBfpOKvy2jd2wp4uQfFPpIWPd5AiOh39PjbDsDWoKhotbENs+KBZiHWJdi7mJ1RnhXHDZmWVvv6h7RVAsEDXuqazqIN1agPlY+vNmnkseeuw0eQ+5vcwUsgwtJAFX2bJGalvSwMz42KTC4nOxcV6hhPAF3OwxA34139btdbXAZu8G8kZgT0IUXtgRV/U3H7u2pBvi+9gUHHhxv9PNZJIhVSx7Y6GZBVT4zhfddvqw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1CYWyr3DRdsiZ3a6431txFNChuWCHL0huzaBTFUFa/o=; b=u+O8LaZj23uiPI4qtJu6zIU+4UciKG6C6IIXmD3FFE7SD4YotDEvWKoeDNj6i/xl5Yv5uU8n2tn7w5Ejql9HiEXgniUEczMyyI9r4AaPjgWf0K5T67w4RmcwM03EMkp3misMY1pg3ea1E8CqcbdX38Js64gxwEzlws0z3Hz/JkQ=
Received: from BN6PR11MB1667.namprd11.prod.outlook.com (2603:10b6:405:e::12) by BN7PR11MB2802.namprd11.prod.outlook.com (2603:10b6:406:b7::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.19; Tue, 22 Sep 2020 13:15:22 +0000
Received: from BN6PR11MB1667.namprd11.prod.outlook.com ([fe80::5142:3a35:18c2:75c2]) by BN6PR11MB1667.namprd11.prod.outlook.com ([fe80::5142:3a35:18c2:75c2%8]) with mapi id 15.20.3391.024; Tue, 22 Sep 2020 13:15:22 +0000
From: "Joe Clarke (jclarke)" <jclarke@cisco.com>
To: "Joe Clarke (jclarke)" <jclarke=40cisco.com@dmarc.ietf.org>
CC: opsawg <opsawg@ietf.org>
Thread-Topic: [OPSAWG] CALL FOR ADOPTION: draft-reddy-opsawg-mud-tls
Thread-Index: AQHWgTqLyBITzbvmYU+n3Uiyau4irKl0wmOA
Date: Tue, 22 Sep 2020 13:15:22 +0000
Message-ID: <A9003A0A-1A8D-4E78-A4D4-2F15412A1175@cisco.com>
References: <21BA8D05-DD83-44DE-81B9-457692484CAD@cisco.com>
In-Reply-To: <21BA8D05-DD83-44DE-81B9-457692484CAD@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.120.23.2.1)
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [173.38.117.86]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5062c7c0-bfc7-4eaa-1835-08d85ef98fcf
x-ms-traffictypediagnostic: BN7PR11MB2802:
x-microsoft-antispam-prvs: <BN7PR11MB2802CD6115C6158EB4A766D2B83B0@BN7PR11MB2802.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: eTnWcVO0J+ywKDEbNu7rkaxWCdFH7HmrUIiJrd+mHlYCky5tSVtztaK0sbsi60QoHKc83MwlVGit3zlL5SHHngQqSMGeNKCFKh1L6ggoEPamWjKxtjgfo88FebAhSOTd+L7PRJHDSL3neQKafdVABxA1IABcZupnf3iPpLfD55aWekecPjna9m6E12ODtNSkNQtLoYV0toGDlp3BXrYX1zhZ07X4SCIWKZc9Tqpo3I7OZeNDy0H6WQTLlK6xpEZ4VdcCR3iBl/3CLL+mSdt135iUQL9KLL7Aa4+vJXhchdXBkL0db/fJstfnBdMr9ED2UfkAsQtRvS0mKq0BkNIlGiX1yxo7+yvkvXJgES1U6VCGPYE85kDXhPxprw7lgbJhFEpfTGOg6XAK2x0A3dTPgg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1667.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(39860400002)(346002)(376002)(136003)(396003)(366004)(2906002)(316002)(91956017)(186003)(26005)(66946007)(6512007)(53546011)(64756008)(76116006)(66556008)(66446008)(4326008)(6506007)(66476007)(8676002)(8936002)(6486002)(478600001)(71200400001)(83380400001)(66574015)(36756003)(2616005)(5660300002)(966005)(33656002)(86362001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: gWSHtiLsrmXUzgS5VNn+JsJuUVCh031edpjlZKWN+kQno0i1ovxtRVJ+GyADxWDtcIF7br7FkT7wE4k8Bl/NnuNjAQ1bk43TwaLmZhcwvG9vqcsKHRx08dlMZNRrZ1PKl3mzB9zwLyUqYD0RYIOpI7u49vbARYBX9MK+/iM8smiUk4OJnAprO1zSFxawN8sBHMnyJQm8NeelS/QXqAz3K3T0b6gW489o0EMfSKxBKefBPABUjN58oZdKZush5urH2si6PP4yzdLXXeorLiVh2P3TLC+04FQ43FSYOLLMfxnq2sZxwN6kMhUPUDD9+6KOOTpgFo0ajynHkHJFVcFbYjKUIMbJNqmyYDzSWrhMi3SUjpCR2AL1o/TYEj5/vqHUxcC/ApGq8ngsbi6bLW/WJuL7vdgXlop2ev+Ct9vcJkumDqtelPsLMiUIRCk/bUkVGuaHdKakhUbJoouABu62fYG1ZX3BP2Tvpe1zcBTrfOrpBuY++rXA3ffkYs5N0zF8qRv6Fd4CNWEYIzIfn3c139fK8ZATRi3X/x2Nn21MzDUZPhe7q5cb4gcRxhIK5oNjb/V0kPcPgWqwSrWA8z6bnZ7hs6x0/HATOIF+XLXp1+i/YNB+oknIpnhVvk8txA4QFQKxudNd2JLJ+wigT9SXIg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <F2F25F18D69BB2489098D7829D4281BC@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1667.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5062c7c0-bfc7-4eaa-1835-08d85ef98fcf
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2020 13:15:22.3172 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: VBm1bBA2u9390Sve37KmMZeSTMPorv1doE6KOb3XUGoCwIjoi2qamNtMC1qbxZRdb/+myutW+xTQplIOQKksZw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2802
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.13, xch-rcd-003.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/WkEGiLbHHY2RQd0NDbcCRSHzj7Y>
Subject: Re: [OPSAWG] CALL FOR ADOPTION: draft-reddy-opsawg-mud-tls
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2020 13:15:29 -0000

The call for adoption has closed.  It has not been without discussion to be sure.  There have been concerns expressed from the TLS working group that it might benefit malware authors and that it could lead to “ossification” in use of the TLS protocol.

That said, there has been considerable support expressed for (and active willingness to work in) moving this work forward.  Therefore, this document has been adopted by the opsawg working group.  The authors have already been active in addressing some concerns brought up during the CFA, and the chairs encourage the authors and those interested in the progression of this work to continue to work with the TLS WG to fully shore up the text and YANG module.

Additionally, it might be good to get a more formal early review of this work from SecDir so that the WG can focus on additional items required to move the work forward.

Authors, please rename this draft, draft-ietf-opsawg-mud-tls and resubmit it to DataTracker as a -00.  DO NOT change any other text.  Within DT, mark this draft as replacing draft-reddy-opsawg-mud-tls.

Thanks.

Joe

> On Sep 2, 2020, at 11:05, Joe Clarke (jclarke) <jclarke=40cisco.com@dmarc.ietf.org> wrote:
> 
> Hello, opsawg.  This draft as underwent a number of revisions based on reviews and presentations at the last few IETF meetings.  The authors feel they have addressed the issues and concerns from the WG in their latest posted -05 revision.  As a reminder, this document describes how to use (D)TLS profile parameters with MUD to expose potential unauthorized software or malware on an endpoint.
> 
> To that end, this serves as a two-week call for adoption for this work.  Please reply with your support and/or comments by September 16, 2020.
> 
> Thanks.
> 
> Joe and Tianran
> _______________________________________________
> OPSAWG mailing list
> OPSAWG@ietf.org
> https://www.ietf.org/mailman/listinfo/opsawg