Re: [OPSAWG] AD review of draft-ietf-opsawg-mud-iot-dns-considerations-08
"Rob Wilton (rwilton)" <rwilton@cisco.com> Fri, 20 October 2023 13:09 UTC
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Michael Richardson <mcr@sandelman.ca>
CC: "opsawg@ietf.org" <opsawg@ietf.org>, "draft-ietf-opsawg-mud-iot-dns-considerations@ietf.org" <draft-ietf-opsawg-mud-iot-dns-considerations@ietf.org>
Date: Fri, 20 Oct 2023 13:08:46 +0000
Message-ID: <BY5PR11MB4196CE6084B4DC26BD0EC11EB5DBA@BY5PR11MB4196.namprd11.prod.outlook.com>
References: <BY5PR11MB419663E50375EFC179E7CE65B5D2A@BY5PR11MB4196.namprd11.prod.outlook.com> <12876.1697643420@localhost>
In-Reply-To: <12876.1697643420@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/YbP14uySg3X58lPzf4Zs6hWog9c>
Hi Michael,

A few comments/clarifications inline ...

> -----Original Message-----
> From: Michael Richardson <mcr@sandelman.ca>
> Sent: Wednesday, October 18, 2023 4:37 PM
> To: Rob Wilton (rwilton) <rwilton@cisco.com>
> Cc: opsawg@ietf.org; draft-ietf-opsawg-mud-iot-dns-considerations@ietf.org
> Subject: Re: AD review of draft-ietf-opsawg-mud-iot-dns-considerations-08
>
> > > (10) p 12, sec 7. Privacy Considerations
> > >
> > >    The use of DoT and DoH eliminates the minimizes threat from passive
> > >    eavesdropped, but still exposes the list to the operator of the DoT
> > >    or DoH server.  There are additional methods, such as described by
> > >    [I-D.pauly-dprive-oblivious-doh].
> > >    The use of unencrypted (Do53) requests to a local DNS server exposes
> > >    the list to any internal passive eavesdroppers, and for some
> > >    situations that may be significant, particularly if unencrypted WiFi
> > >    is used.  Use of Encrypted DNS connection to a local DNS recursive
> > >    resolver is a preferred choice, assuming that the trust anchor for
> > >    the local DNS server can be obtained, such as via
> > >    [I-D.reddy-add-iot-byod-bootstrap].
> >
> > Presumably there should also be a recommendation to use encrypted WiFi
> > too.
>
> Well, I want to push back here on what we suggest and where.
> We can make all sorts of security suggestions, but this document is about
> DNS, not general network security.  And actually unencrypted WiFi is not a
> problem if you are using DoT/DoH!  "Encrypted" Wifi through coffee-shop
> WPA-PSK is subject to trivial on-path attacks that allow for active
> eavesdropping.  I don't think this document should go there.

[Rob Wilton (rwilton)] Okay.

> > > (11) p 12, sec 7. Privacy Considerations
> > >
> > >    While possession of a Large (Kitchen) Appliance at a residence may be
> > >    uninteresting to most, possession of intimate personal devices (e.g.,
> > >    "sex toys") may be a cause for embarrassment.
> >
> > Not sure whether the example is needed here, but don't object if you
> > want to keep it.  I would change "Large (Kitchen) Appliance" to just
> > "kitchen appliance".
>
> I said large for a reason: refrigerators do not move, while a small
> counter-top coffee maker might be loaned to neighbours or taken to/from
> office.

[Rob Wilton (rwilton)] Okay.

> > > (12) p 13, sec 8. Security Considerations
> > >
> > >    This document takes the view that the two requirements do not need to
> > >    be in conflict, but resolving the conflict requires some advance
> > >    planning by all parties.
> >
> > Rather than "requires some advance planning by all parties", perhaps
> > "requires careful planning on how the DNS can be safely and effectively
> > used by MUD controllers and IOT devices."
>
> I'm using your text, but the reason I said "advance" is that the situation
> needs to be considered when writing the code, planning the software updates,
> and exactly how DNS names are going to be used.  This needs to be done by
> the IoT vendor.

[Rob Wilton (rwilton)] Okay.  Maybe "careful design and planning on how"?

> > > (14) p 4, sec 3.1.1. Too slow
> > >
> > >    While subsequent connections to the same site (and subsequent packets
> > >    in the same flow) will not be affected if the results are cached, the
> > >    effects will be felt.  The ACL results can be cached for a period of
> > >    time given by the TTL of the DNS results, but the lookup must be
> > >    performed again in a number of hours to days.
> >
> > hours to days => hours or days.
>
> No, it's not hours or days, it's >hours <days.
> (Also: it's mutually exclusive: hours xor days)
> I think that my text is correct.

[Rob Wilton (rwilton)] I think that your text is hard to comprehend, as is your explanation ;-)  Your first comment seems to suggest that the range is between 1 hour and 23 hours, but your second comment suggests it can be X hours or Y days.

> > > (24) p 8, sec 4.1. Use of IP address literals in-protocol
> > >
> > >    Third-party content-distribution networks (CDN) tend to use DNS names
> > >    in order to isolate the content-owner from changes to the
> > >    distribution network.
> >
> > I suggest "Finally, Third-party content-distribution ..."
>
> fixed.
> upper-case Third?  I don't think so.

[Rob Wilton (rwilton)] Yes, "Finally, third-party ..."

> > > (34) p 13, sec 8. Security Considerations
> > >
> > >    This document deals with conflicting Security requirements:
> >
> > Security => security
>
> I loaded it all into Google Docs, which does pretty well with markdown, and
> used it to check this all.

[Rob Wilton (rwilton)] Okay.  Thanks.

I presume you will post (or point to an updated version of the doc) once you have text for the other issues that you have flagged as github issues.

Regards,
Rob

> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
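The TTL-driven caching discussed under item (14) above (a MUD controller expands DNS names in an ACL to addresses, keeps that expansion for the DNS TTL, then must resolve again), as an added example that is not part of this thread or of the draft's text. The resolver, names, addresses and TTLs are constructed so the example runs offline; the `ScriptedResolver` stands in for a real recursive resolver and is not a MUD or DNS library API.

```python
# Added example (not from the draft or the thread): a minimal MUD controller
# that expands DNS names from a name-based ACL into IP addresses and
# re-resolves them once the DNS TTL has expired.  Every name, address and
# TTL below is constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsAnswer:
    """A resolver answer: the address set and its TTL in seconds."""
    addresses: frozenset
    ttl: int


class ScriptedResolver:
    """Offline stand-in for a recursive resolver (assumption, not a real API).

    `table` maps a name to a list of answers.  Each resolution returns the
    next scripted answer, which lets the example model a CDN whose
    addresses change between lookups.  The last answer repeats forever.
    """

    def __init__(self, table):
        self._table = {name: list(answers) for name, answers in table.items()}
        self.queries = 0  # how many DNS queries the controller issued

    def resolve(self, name):
        self.queries += 1
        answers = self._table[name]
        return answers.pop(0) if len(answers) > 1 else answers[0]


@dataclass
class AclEntry:
    name: str
    addresses: frozenset
    expires_at: float  # absolute time, derived from the answer's TTL


class MudAcl:
    """IP-level view of a name-based MUD ACL for one device."""

    def __init__(self, resolver, names):
        self._resolver = resolver
        self._names = list(names)
        self._entries = {}

    def _refresh(self, name, now):
        """Resolve `name` and cache the result until the TTL runs out."""
        answer = self._resolver.resolve(name)
        self._entries[name] = AclEntry(name, answer.addresses, now + answer.ttl)

    def permits(self, dst_addr, now):
        """Return (allowed, looked_up) for a packet to `dst_addr` at time `now`.

        `looked_up` is True when deciding required a DNS query: the first
        packet of a flow, and the first packet after a TTL expiry, both wait
        on the resolver.  That is the "too slow" cost the draft describes.
        """
        looked_up = False
        for name in self._names:
            entry = self._entries.get(name)
            if entry is None or entry.expires_at <= now:
                self._refresh(name, now)
                entry = self._entries[name]
                looked_up = True
            if dst_addr in entry.addresses:
                return True, looked_up
        return False, looked_up


def demo():
    """Walk one name through a TTL expiry during which the CDN moved."""
    resolver = ScriptedResolver({
        "updates.example.com": [
            DnsAnswer(frozenset({"192.0.2.10"}), ttl=300),
            DnsAnswer(frozenset({"192.0.2.11"}), ttl=300),  # new CDN address
        ],
    })
    acl = MudAcl(resolver, ["updates.example.com"])
    results = [
        acl.permits("192.0.2.10", now=0),    # first packet: query, allowed
        acl.permits("192.0.2.10", now=100),  # within TTL: cached, allowed
        acl.permits("192.0.2.10", now=400),  # TTL expired: query, now denied
        acl.permits("192.0.2.11", now=401),  # cached new answer, allowed
    ]
    return results, resolver.queries


if __name__ == "__main__":
    for decision in demo()[0]:
        print(decision)
```

The third decision is the interesting one for an operator: the old address stops being permitted only after the re-resolution, so a CDN change inside the TTL window is invisible to the controller, while the re-resolution itself reintroduces the DNS latency on that packet.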