Re: [OPSAWG] Mirja Kühlewind's Yes on draft-ietf-opsawg-mud-20: (with COMMENT)

Eliot Lear <lear@cisco.com> Thu, 19 April 2018 09:45 UTC

To: Mirja Kühlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>
Cc: draft-ietf-opsawg-mud@ietf.org, Joe Clarke <jclarke@cisco.com>, opsawg-chairs@ietf.org, opsawg@ietf.org
References: <152406066529.941.10912493457057076569.idtracker@ietfa.amsl.com>
From: Eliot Lear <lear@cisco.com>
Message-ID: <e409a3b8-82cc-ecf0-a408-c2e69d47b7f1@cisco.com>
Date: Thu, 19 Apr 2018 11:45:11 +0200
In-Reply-To: <152406066529.941.10912493457057076569.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/ts_rfRe8TgugVkBX1uP3MFAHVhE>
Subject: Re: [OPSAWG] Mirja Kühlewind's Yes on draft-ietf-opsawg-mud-20: (with COMMENT)

Hi Mirja,


On 18.04.18 16:11, Mirja Kühlewind wrote:
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Minor comments:
>
> 1) "is-supported" confused me a bit at the beginning. Maybe "is-maintained" could be a better name?

I suspect this may just be a tech-language issue, but I view the two as
synonymous.  The description does try to define the term.

>
> 2) Why does the MUD file contain the MUD URL? Is this meant to be used as an identifier?
>
>

Oh good question!  Without it, the MUD file itself is not
self-identifying.  This URL provides a means by which one could use
alternative resolution mechanisms.  A good example would be that a MUD
file and signature have been uploaded manually.  The file can inform the
MUD manager as to what it is intended to be used for.

I propose to include the 2nd and 3rd sentences.

> 3) Given this document talks quite often about possible future extensions, I'm
> also wondering if this should be Experimental. However, I assume the
> framework/architecture that is defined in this doc is not supposed to change and
> as such PS might be good as well.

This isn't intended to be an experiment, but rather a means of making
incremental progress on how we build out this capability.  Also,
manufacturers really won't code up to an experiment.  This costs them
real COGS to do, and without them, we can't gain the necessary experience.

>
> 4) I understand that the use of YANG is quite convenient for ACLs, however, I'm
> wondering if it is still the right choice if the MUD File would be used to
> describe more detailed behavior/traffic patterns. However, that should probably
> not be changed now, but might be another reason to go for experimental.
> Another solution would be to further separate the architecture from the MUD
> file format (maybe into different doc?) and include a versioning mechanism in
> the MUD URL.

Welcome to my pain.  The reason we went with JSON + YANG is that the
basic capability is an access list.  Other capabilities will follow, and
the perfect way to do that is by referring to another file.  This having
been said, we should leave room for the possibility that the format WILL
change over time, but I expect the timescales to be quite great.

Eliot
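The self-identification point in the reply above (question 2) is easiest to see in code. What follows is an added example, not code from this thread, from the MUD draft or from any MUD manager implementation: a small Python sketch of a MUD manager that keys every file it holds by the mud-url carried inside the file, so a manually uploaded file can announce what it is for, and a file fetched on behalf of a device can be checked against the URL the device advertised. The JSON layout follows the ietf-mud:mud container (mud-version, mud-url, is-supported, from-device-policy, to-device-policy) from the draft; the MudManager class, its method names, the sample lightbulb file and the exact-match rule for the claimed URL are assumptions made for this illustration, and signature verification is left out entirely.

```python
"""Added example: a MUD manager keyed by the mud-url embedded in each file.

Not from the thread or the MUD draft; the class, method names, sample file
and the exact-match policy are assumptions for this illustration.
"""
import json
from urllib.parse import urlsplit

MUD_URL = "https://mud.example.com/lightbulb/v2.json"   # assumed, not a real vendor URL


def make_mud_file(mud_url, is_supported=True):
    """Build a constructed MUD file (JSON text) around the given mud-url.

    Container and leaf names follow the ietf-mud:mud YANG module as encoded in
    JSON; the device, ACL names and dates are made up for this example."""
    return json.dumps({
        "ietf-mud:mud": {
            "mud-version": 1,
            "mud-url": mud_url,
            "last-update": "2018-04-19T09:45:00+00:00",
            "cache-validity": 48,
            "is-supported": is_supported,
            "systeminfo": "Example lightbulb (constructed sample)",
            "from-device-policy": {"access-lists": {"access-list": [{"name": "from-bulb"}]}},
            "to-device-policy": {"access-lists": {"access-list": [{"name": "to-bulb"}]}},
        },
        "ietf-access-control-list:acls": {"acl": []},
    })


SAMPLE_MUD_FILE = make_mud_file(MUD_URL)   # constructed sample input


class MudFileError(ValueError):
    """Raised when a file cannot be accepted as a MUD file."""


def parse_mud_file(text):
    """Parse JSON text and return the ietf-mud:mud container.

    Checks only the leaves the manager relies on: mud-version, an absolute
    https mud-url, and a boolean is-supported."""
    try:
        mud = json.loads(text)["ietf-mud:mud"]
    except (ValueError, KeyError, TypeError):
        raise MudFileError("not a MUD file: no ietf-mud:mud container")
    if not isinstance(mud, dict):
        raise MudFileError("ietf-mud:mud must be an object")
    if mud.get("mud-version") != 1:
        raise MudFileError("unsupported mud-version %r" % mud.get("mud-version"))
    url = mud.get("mud-url")
    parts = urlsplit(url) if isinstance(url, str) else None
    if parts is None or parts.scheme != "https" or not parts.netloc:
        raise MudFileError("mud-url must be an absolute https URL, got %r" % url)
    if not isinstance(mud.get("is-supported"), bool):
        raise MudFileError("is-supported must be present and boolean")
    return mud


def _acl_names(mud, direction):
    """Names of the ACLs referenced by from-device-policy or to-device-policy."""
    lists = mud.get(direction, {}).get("access-lists", {}).get("access-list", [])
    return [entry["name"] for entry in lists]


class MudManager:
    """Keeps MUD files keyed by the mud-url each file carries inside itself."""

    def __init__(self):
        self._files = {}   # mud-url -> parsed ietf-mud:mud container

    def ingest(self, text, claimed_url=None):
        """Accept a MUD file and return the URL it identifies itself with.

        claimed_url is the URL the device advertised (or the URL the file was
        fetched from); pass None for a file an operator uploaded by hand.  When
        a claimed URL is known, the embedded mud-url must match it exactly
        (this example does no URL normalisation on purpose)."""
        mud = parse_mud_file(text)
        if claimed_url is not None and mud["mud-url"] != claimed_url:
            raise MudFileError("embedded mud-url %r does not match %r"
                               % (mud["mud-url"], claimed_url))
        self._files[mud["mud-url"]] = mud
        return mud["mud-url"]

    def policy_for(self, advertised_url):
        """Return the support flag and ACL names for a device advertising
        advertised_url, or None when no file for that URL is held."""
        mud = self._files.get(advertised_url)
        if mud is None:
            return None
        return {
            "is-supported": mud["is-supported"],
            "from-device": _acl_names(mud, "from-device-policy"),
            "to-device": _acl_names(mud, "to-device-policy"),
        }


if __name__ == "__main__":
    manager = MudManager()
    # Operator upload: there is no URL to compare against; the file names itself.
    print("stored as", manager.ingest(SAMPLE_MUD_FILE))
    # A device later advertises that URL; the local copy is found without a fetch.
    print(manager.policy_for(MUD_URL))
```

The two paths through ingest() are the point: with no claimed URL (manual upload) the embedded mud-url is the only identity the file has, and it becomes the lookup key; with a claimed URL (a device emitted it, or the manager just fetched from it) a mismatch is rejected rather than silently re-keyed, so a file served from one location cannot quietly claim to describe a different device class. The http:// rejection and the is-supported flag are carried through so that a stale, unsupported file still resolves but is visibly flagged.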