Re: [OPSAWG] Last Call Review of draft-ietf-opsawg-mud-acceptable-urls-10

Michael Richardson <mcr@sandelman.ca> Thu, 29 February 2024 23:31 UTC

From: Michael Richardson <mcr@sandelman.ca>
To: Christian Huitema <huitema@huitema.net>
cc: Eliot Lear <lear@lear.ch>, "opsawg@ietf.org" <opsawg@ietf.org>, draft-ietf-opsawg-mud-acceptable-urls@ietf.org
In-Reply-To: <66588cac-0f33-4924-920f-6b4dbd5c2964@huitema.net>
References: <8a2c556a-905b-46f9-926c-03f09ed98f32@lear.ch> <66588cac-0f33-4924-920f-6b4dbd5c2964@huitema.net>
Date: Thu, 29 Feb 2024 18:31:00 -0500
Message-ID: <20112.1709249460@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/jm0_nxA0TcF8x3gGlAAnswG6sFI>
Subject: Re: [OPSAWG] Last Call Review of draft-ietf-opsawg-mud-acceptable-urls-10

Christian, I don't know if I am understanding your shotgun parser comment
right.  My understanding is that I have unwittingly invoked one via my
informal description of how URLs should be matched, and that this is something
to avoid.

I have written the following diff:

https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-acceptable-urls/pull/3/files#diff-7aca3461cf4d4087c17882e209f0b93f8c2b26fafa0d9a985555b097db3ea3ceR266-R272

which essentially says:
      Section 3.3 of {{RFC3986}} explains how the different parts of the URL are
      described.
      As explained in that section, a _path_ component consists of a series of
      _segments_ separated by slash ("/") characters.
      The new URL is considered acceptable if it contains the same series of
      segments in its path, excepting that the last segment may be different.

I have further created headings for "Small Changes to MUD URL" and "Big Changes
to MUD URL" to explain the two mechanisms.  I hadn't really thought of it as
two mechanisms, but it's a good observation.

I'm not sure if this rewrite is what you had in mind.
I have struggled with this for a few days now, thinking that you were asking for
something much more formal, but finally came to this short description.
Does it work for you?

As for your comments about signature verification, I have made some small
changes at:

https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-acceptable-urls/pull/4/files

I hope to hear from you soonish if you are happy or unhappy with these
changes, and I'll post a new version on Friday March 1.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
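The segment-matching rule quoted from the draft text above, as an added example (not code from the draft, the pull request, or the author): the URL is parsed once into its RFC 3986 components and only the structured path segments are compared, rather than interleaving ad hoc string matching with parsing. Requiring the scheme and authority to be equal as well, and ignoring the query and fragment, are assumptions of this example; all URLs below are constructed samples.

```python
"""Check whether a new MUD URL is an acceptable "small change" to an old one:
every path segment except the last must be identical (draft text quoted in the
message above).  Scheme/authority equality is an added assumption here."""
from urllib.parse import urlsplit


def path_segments(path: str) -> list[str]:
    """Split an RFC 3986 path into its segments on "/" (an absent path
    is treated as "/" so both sides split the same way)."""
    return (path or "/").split("/")


def is_acceptable_small_change(old_url: str, new_url: str) -> bool:
    """Return True if new_url differs from old_url in at most its last
    path segment, after a single RFC 3986 parse of each URL."""
    old = urlsplit(old_url)
    new = urlsplit(new_url)
    # Assumption: scheme and authority must match; both are compared
    # case-insensitively (RFC 3986 section 6.2.2.1).
    if old.scheme.lower() != new.scheme.lower():
        return False
    if old.netloc.lower() != new.netloc.lower():
        return False
    old_segs = path_segments(old.path)
    new_segs = path_segments(new.path)
    # Same number of segments, and all but the last identical.  The query
    # and fragment are deliberately not compared (assumption).
    if len(old_segs) != len(new_segs):
        return False
    return old_segs[:-1] == new_segs[:-1]


# Constructed sample pairs (example.com / example.net are reserved names).
OLD = "https://example.com/mud/v1/lightbulb.json"
SAMPLES = {
    "last segment changed": "https://example.com/mud/v1/lightbulb-v2.json",
    "middle segment changed": "https://example.com/mud/v2/lightbulb.json",
    "extra segment inserted": "https://example.com/mud/v1/sub/lightbulb.json",
    "different authority": "https://other.example.net/mud/v1/lightbulb.json",
    "case-only difference": "HTTPS://EXAMPLE.COM/mud/v1/lightbulb.json",
}


def evaluate_samples() -> dict[str, bool]:
    """Run the acceptability check over every constructed sample."""
    return {name: is_acceptable_small_change(OLD, url)
            for name, url in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in evaluate_samples().items():
        print(f"{name:24s} -> {'acceptable' if ok else 'rejected'}")
```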