Re: [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt

Qin Wu <bill.wu@huawei.com> Tue, 09 July 2019 03:00 UTC

From: Qin Wu <bill.wu@huawei.com>
To: tirumal reddy <kondtir@gmail.com>, "opsawg@ietf.org" <opsawg@ietf.org>, "mud@ietf.org" <mud@ietf.org>
Date: Tue, 09 Jul 2019 03:00:05 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/qhxHlnruhO4rG56QendIBV7e9ns>

Interesting work, three questions:

1. Can the IoT device (D)TLS profile be disclosed to a malicious agent or IoT device? If not, how do you prevent this sensitive information from leaking?

2. Do you frequently update the DTLS profile disclosed to the IoT device to prevent a malicious agent from snooping?

3. How does the enterprise firewall use the DTLS profile to detect a malicious flow or a legitimate flow?

-Qin
From: OPSAWG [mailto:opsawg-bounces@ietf.org] On Behalf Of tirumal reddy
Sent: July 8, 2019 22:03
To: opsawg@ietf.org; mud@ietf.org
Subject: [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt

This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 discusses a Manufacturer Usage Description (MUD) extension to model the (D)TLS profile on IoT devices. This allows a firewall to notice abnormal DTLS or TLS usage, which has been a strong indicator of other software running on the endpoint, typically malware.

Comments, suggestions, and questions are more than welcome.

Cheers,
-Tiru

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Mon, 8 Jul 2019 at 19:18
Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt
To: Tirumaleswar Reddy <kondtir@gmail.com>, Dan Wing <danwing@gmail.com>

A new version of I-D, draft-reddy-opswg-mud-tls-00.txt
has been successfully submitted by Tirumaleswar Reddy and posted to the
IETF repository.

Name:           draft-reddy-opswg-mud-tls
Revision:       00
Title:          MUD (D)TLS profiles for IoT devices
Document date:  2019-07-08
Group:          Individual Submission
Pages:          16
URL:            https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt
Status:         https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/
Htmlized:       https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls


Abstract:
   This memo extends Manufacturer Usage Description (MUD) to model DTLS
   and TLS usage.  This allows a network element to notice abnormal DTLS
   or TLS usage which has been strong indicator of other software
   running on the endpoint, typically malware.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat