Re: [OPSAWG] 🔔 WG Last Call for draft-ietf-opsawg-mud-iot-dns-considerations-05

tirumal reddy <kondtir@gmail.com> Mon, 30 January 2023 09:39 UTC

From: tirumal reddy <kondtir@gmail.com>
Date: Mon, 30 Jan 2023 15:09:13 +0530
Message-ID: <CAFpG3geO6MydCkXvG0VFW_edPUsyHiDsZRjf61W9pRdV7kHA+g@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: opsawg <opsawg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/YuNW8ySSqiwmi79xo2mg8MhH-WY>

On Tue, 24 Jan 2023 at 20:27, Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> tirumal reddy <kondtir@gmail.com> wrote:
>     > Agreed. My suggestion is to update the text as follows:
>
>     > In TLS 1.3 with or without the use of ECH, middlebox cannot rely on SNI
>     > inspection because a malware could lie about the SNI and middlebox without
>     > acting as a TLS proxy does not have visibility into the server
>     > certificate.
>
> Inserted, at:
>
> https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-iot-dns-considerations/commit/36538767d4e2ed935bd52ed0f2d19f7bac879bba
>
>     >> Is this still the right reference?  It seems that section 4 is still
>     >> correct.
>     >>
>
>     > No, you will have to refer to DDR
>     > (https://datatracker.ietf.org/doc/draft-ietf-add-ddr/) and DNR
>     > (https://datatracker.ietf.org/doc/draft-ietf-add-dnr/).
>     > The draft ietf-add-split-horizon-authority is specific to establishing
>     > local DNS authority in Split-Horizon Environments. I don't think it is
>     > relevant to this document.
>
> I have removed the second sentence/reference, and also the reference to
> peterson-doh-dhcp. I think that the existing DNR reference is enough.
>
>
> https://author-tools.ietf.org/iddiff?url1=draft-ietf-opsawg-mud-iot-dns-considerations-07&url2=draft-ietf-opsawg-mud-iot-dns-considerations-08&difftype=--html
>
> This includes the RFC9019 fix. Are there any other WGLC comments?
>

Updates look good to me.

Cheers,
-Tiru

>
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
>
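
An added example, not part of the original message or of the draft: a minimal Python parser showing what a middlebox that is not acting as a TLS proxy can read from a ClientHello, namely the client-asserted SNI and whether TLS 1.3 is offered. The function names, the hostname and the constructed ClientHello bytes are assumptions made for illustration.

```python
import struct

def build_client_hello(sni: str, tls13: bool = True) -> bytes:
    """Constructed sample input: a minimal ClientHello record carrying `sni`."""
    name = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type = host_name
    exts = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    if tls13:  # supported_versions (43) offering TLS 1.3 (0x0304)
        exts += struct.pack("!HHB", 43, 3, 2) + b"\x03\x04"
    body = (b"\x03\x03" + bytes(32) + b"\x00"        # legacy_version, random, session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"      # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # TLS record header

def passive_view(record: bytes) -> dict:
    """Fields an on-path, non-proxy middlebox can read from the first flight."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    p = 5 + 4 + 2 + 32                               # headers, legacy_version, random
    p += 1 + record[p]                               # session_id
    p += 2 + struct.unpack_from("!H", record, p)[0]  # cipher_suites
    p += 1 + record[p]                               # compression_methods
    end = p + 2 + struct.unpack_from("!H", record, p)[0]
    p += 2
    view = {"sni": None, "offers_tls13": False}
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, p)
        data = record[p + 4:p + 4 + elen]
        if etype == 0 and len(data) >= 5:            # server_name
            nlen = struct.unpack_from("!H", data, 3)[0]
            view["sni"] = data[5:5 + nlen].decode("ascii", "replace")
        elif etype == 43 and data:                   # supported_versions
            vers = data[1:1 + data[0]]
            pairs = [vers[i:i + 2] for i in range(0, len(vers), 2)]
            view["offers_tls13"] = b"\x03\x04" in pairs
        p += 4 + elen
    return view

def sni_acl_decision(record: bytes, allowed: set):
    """An ACL keyed on SNI alone: the verdict rests only on client-supplied bytes.
    If TLS 1.3 is negotiated, the server's Certificate message is encrypted, so a
    non-proxy middlebox has no server-side field to check the name against."""
    view = passive_view(record)
    return view["sni"] in allowed, view
```
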