Re: [RTG-DIR] RTG-DIR review of draft-ietf-opsawg-mud-13

Eliot Lear <lear@cisco.com> Thu, 02 November 2017 15:01 UTC

To: adrian@olddog.co.uk, rtg-ads@ietf.org
Cc: draft-ietf-opsawg-mud@ietf.org, ietf@ietf.org, rtg-dir@ietf.org
References: <01d501d35342$b90d7450$2b285cf0$@olddog.co.uk> <5f1c796d-3700-cda3-0bce-f5c6e70ffc9a@cisco.com> <022901d3536d$d01d7b10$70587130$@olddog.co.uk> <44f7279c-aef8-b8ab-dfb5-a941f52e7899@cisco.com> <02b901d353cb$b54a7aa0$1fdf6fe0$@olddog.co.uk>
From: Eliot Lear <lear@cisco.com>
Message-ID: <73c3c46a-46ae-2d41-a6d0-b6c41a1365cf@cisco.com>
Date: Thu, 02 Nov 2017 16:00:57 +0100
In-Reply-To: <02b901d353cb$b54a7aa0$1fdf6fe0$@olddog.co.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/PGqUBNICbqmtK-QCUzomjZSVWYA>

Hi Adrian,

Trimming now.

On 11/2/17 12:14 PM, Adrian Farrel wrote:
> But when the home-based MUD controller uses a URL to access a MUD
> server, isn't that pretty visible and associated with the home (via
> the IP address)?

The communication occurs via TLS.  I just don't know how to do better. 
Also, I perceive two additional mitigations, one something of a happy
accident: I expect that there will be providers that do MUD file
management and so many of these URLs will all likely be served from the
same places, and not necessarily give away what they are.  The second is
that much of this data will be served from commercial clouds for
reliability purposes.

Regarding passive tense, let us take that as editorial, and I will work
with you to find a form that fits.

AD and WG permitting of course.

Eliot
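The exchange above turns on what a passive observer on the home's uplink actually learns when the MUD controller fetches a MUD file over TLS: the destination host (via the DNS lookup and the TLS SNI extension) is visible, while the path that names the specific device is not, so many vendors' files served from one MUD-management host are indistinguishable from outside. The following Python is an added example, not code from the original message or from the MUD draft. It enforces the draft's https-only requirement on MUD URLs before any fetch, then splits each URL into its observer-visible and TLS-protected parts and tallies what the observer would see. The host names and paths are constructed for illustration; rejecting userinfo and fragments is this example's own conservative choice, not a rule quoted from the draft.

```python
"""
Added example (not part of the original message or the MUD draft):
models what a passive on-path observer learns when a home MUD controller
fetches a MUD file over TLS, and applies the https-only rule for MUD URLs
before any fetch is attempted.
"""
from collections import defaultdict
from urllib.parse import urlsplit


class InvalidMudUrl(ValueError):
    """Raised when a URL is not acceptable as a MUD URL."""


def check_mud_url(url: str) -> tuple[str, str]:
    """Validate a MUD URL and split it into two parts:

    - visible:   what the network still sees despite TLS (host, and port
                 if non-default), because it appears in the DNS query and
                 the TLS SNI extension;
    - protected: what TLS hides (path and query), which is the part that
                 names the particular device model.

    The https requirement comes from the MUD draft. Rejecting userinfo and
    fragments is this example's own conservative choice (an assumption).
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise InvalidMudUrl(f"MUD URLs must use https, got {parts.scheme!r}")
    if not parts.hostname:
        raise InvalidMudUrl("MUD URL has no host")
    if parts.username or parts.password:
        raise InvalidMudUrl("credentials in a MUD URL are not allowed")
    if parts.fragment:
        raise InvalidMudUrl("fragments are meaningless in a MUD URL")

    visible = parts.hostname  # urlsplit already lower-cases the host
    if parts.port and parts.port != 443:
        visible = f"{visible}:{parts.port}"

    protected = parts.path or "/"
    if parts.query:
        protected += "?" + parts.query
    return visible, protected


def is_valid_mud_url(url: str) -> bool:
    """True if check_mud_url accepts the URL, False otherwise."""
    try:
        check_mud_url(url)
        return True
    except InvalidMudUrl:
        return False


def observer_view(urls) -> dict[str, int]:
    """Count how many fetches an on-path observer attributes to each
    visible destination. Different device models behind the same host
    collapse into one bucket: the observer learns the host and a count,
    not which devices live in the home."""
    seen: dict[str, int] = defaultdict(int)
    for url in urls:
        visible, _protected = check_mud_url(url)
        seen[visible] += 1
    return dict(seen)


# Constructed sample: three devices from two vendors whose MUD files are
# hosted by one (hypothetical) MUD-management provider, plus one vendor
# that self-hosts. Host names are made up for this example.
SAMPLE_MUD_URLS = [
    "https://mud.example-provider.net/acme/thermostat/v2.json",
    "https://mud.example-provider.net/bolt/camera/1.json",
    "https://mud.example-provider.net/acme/doorbell/v1.json",
    "https://mud.example-lightbulb.com/bulb-a19.json",
]


if __name__ == "__main__":
    for url in SAMPLE_MUD_URLS:
        visible, protected = check_mud_url(url)
        print(f"observer sees {visible:30s} TLS hides {protected}")
    print("per-host tally:", observer_view(SAMPLE_MUD_URLS))
    print("http rejected:", not is_valid_mud_url("http://mud.example-provider.net/x.json"))
```

Running it shows the provider host attracting three fetches with no indication of which three devices, while the self-hosted vendor reveals itself by host name alone; that is exactly the "served from the same places" mitigation in the message, and also its limit, since the host is still visible unless DNS and SNI are themselves protected.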