IETF Logo Mail Archive

Re: [RTG-DIR] RTG-DIR review of draft-ietf-opsawg-mud-13

"Adrian Farrel" <adrian@olddog.co.uk> Thu, 02 November 2017 11:14 UTC

Return-Path: <adrian@olddog.co.uk>
X-Original-To: rtg-dir@ietfa.amsl.com
Delivered-To: rtg-dir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28BEA139982; Thu, 2 Nov 2017 04:14:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4fWKHgBzrrZx; Thu, 2 Nov 2017 04:14:21 -0700 (PDT)
Received: from asmtp5.iomartmail.com (asmtp5.iomartmail.com [62.128.201.176]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8E2713F4CB; Thu, 2 Nov 2017 04:14:19 -0700 (PDT)
Received: from asmtp5.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp5.iomartmail.com (8.13.8/8.13.8) with ESMTP id vA2BEDR7012431; Thu, 2 Nov 2017 11:14:13 GMT
Received: from 950129200 (254.196.113.87.dyn.plus.net [87.113.196.254]) (authenticated bits=0) by asmtp5.iomartmail.com (8.13.8/8.13.8) with ESMTP id vA2BECCn012405 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 2 Nov 2017 11:14:13 GMT
Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Eliot Lear' <lear@cisco.com>, rtg-ads@ietf.org
Cc: draft-ietf-opsawg-mud@ietf.org, ietf@ietf.org, rtg-dir@ietf.org
References: <01d501d35342$b90d7450$2b285cf0$@olddog.co.uk> <5f1c796d-3700-cda3-0bce-f5c6e70ffc9a@cisco.com> <022901d3536d$d01d7b10$70587130$@olddog.co.uk> <44f7279c-aef8-b8ab-dfb5-a941f52e7899@cisco.com>
In-Reply-To: <44f7279c-aef8-b8ab-dfb5-a941f52e7899@cisco.com>
Date: Thu, 02 Nov 2017 11:14:09 -0000
Message-ID: <02b901d353cb$b54a7aa0$1fdf6fe0$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-gb
Thread-Index: AQHbXiOVWYUGr+virfAy7t490kIJlgFDRd+PAaRHM/gA4lCt+aLSgX2g
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1679-8.1.0.1062-23434.005
X-TM-AS-Result: No--19.810-10.0-31-10
X-imss-scan-details: No--19.810-10.0-31-10
X-TMASE-MatchedRID: Kx0w2sAofbsRqNE+xcwLcPHkpkyUphL9/NqdnmyTYHNcKZwALwMGswPa oyNK+Jv3xILoPou7rqmZ5rXmZbU9pX8RWuGQxsOi081phgl5F/lReWnUUdhI9a2PbheqHTJct/b KbgYFIpodfitjgIfGwGuQ7Ro4lHrcGBntNyPrRBurfZ+usyeESClayzmQ9QV0h868MqJkrtyTqM woXHwYFHF6xI97o6MHAhPLyEMdtHermmW6xY+ZmNh3b7/zBhN10Wobj8GkNVrKY//WmIj/ofi0j vfWRgUfPOeTGEP3OBanQTgw3dez4gjgWUfbdVp/z5rIW0RbS5h9SoM2kg9cUvYnOqnd+Q0TkGYM 14lC/DWhY1RK7RrSZ/H58jGrRTfoNA4kPXMXcBLYxkZC4pzxSEbxaqRa2zEnh8BhJvgqWBlY9QW glzfLgd9J2PHe9WriZ1cUcXza30wWFyz6902fByQIIQf/f8GJRvyVHewb0kKdwU/qXYxHvGeO90 L8tOZ6jF6wvhtRU7eILExmshQCk/l9KkqHi12rcFEiuPxHjsWLB4sTRpOnCes6rusujBXfdodzZ VKMVFxhYIpB42crUu9EJt2F5Oksv1l2Uvx6idpWdFebWIc3VsRB0bsfrpPI6T/LTDsmJmg=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/zQCC92t_pSNylaU2XGpoh9KpU1Y>
Subject: Re: [RTG-DIR] RTG-DIR review of draft-ietf-opsawg-mud-13
X-BeenThere: rtg-dir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Routing Area Directorate <rtg-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-dir/>
List-Post: <mailto:rtg-dir@ietf.org>
List-Help: <mailto:rtg-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 11:14:23 -0000

Getting close.

> >> With all that in mind, what I propose is the following:
> >> • Add text that RECOMMENDs that devices make use of TEAP when there
> >>     may be privacy concerns and when it is available; and
> >> • In other cases where privacy may be a concern, we should RECOMMEND
> >>    that a configuration option be provided, particularly when devices are
> >>    designed to be mobile, which is where I think most of your concerns
> >>    stem from.
> > This is getting gooder. Thanks.
> > Even when the MUD controller is on the premises (the not mobile case), it
> > contacts an offsite file server, and that act is visible.
> > Suppose my Hi-Fi uses MUD - now you know that my house is worth robbing.
> > Suppose my intruder alarm uses MUD - now you know what security system I
> > have.
> 
> Here, I think you have some cause for hope, because on the whole, in the
> home, wireless encryption is generally used.  It's not perfect but would
> address the point you make above.

Yes. This addresses communications between device and router, and between router and MUD controller.
Of course, there are some issues with the use of wireless encryption in the home (like security concerns) added to the fact that far fewer people use wireless security than you might think given that you hang out with technology-aware folk. But that's OK because (nominally) we have a protection mechanism.

But when the home-based MUD controller uses a URL to access a MUD server, isn't that pretty visible and associated with the home (via the IP address)?

> > Of course, when the MUD controller is remote (the mobile case), it's all even
> > more worrying.
> 
> Yes, and to that end I propose to highlight a particular warning for
> open networks (this would be one amongst many that developers should
> heed with regard to open networks).

OK. That works.

> > I know you are trying to trade between perfect and getting something that will
> > be implemented and so make the world a somewhat better place. But just recall
> > that someone implemented those devices that "leak like sieves" and those folk
> > are unlikely to see a Recommendation as anything like a strong hint.
> 
> My hope is that this problem will abate over time, but I really cannot
> say.  My guess is that the same who are unlikely to heed such a
> recommendation are also highly unlikely to implement MUD in the first place.

Yeah, you're right.

I assume you have already written the paper titled "As Clear As MUD".

> >>> There seems to be some overlap of terms and definitions in 1.5 and 1.6.
> >> Can you be more specific?
> > 1.5 and 1.6 both have "manufacturer".
> > 1.5 has "controller" and 1.6 has "MUD controller".
> > The definitions don't match.
> 
> Ah- that is because they are being used in different contexts.  One is
> intended as a YANG node and the other really means those people who
> build the thing.

Yeah, got that. But isn't the YANG node supposed to encode the information about the real things?

Well, if everyone else thinks this is clear.

> >>> Introduction
> >>>
> >>>   The key points are that the device itself is expected
> >>>   to serve a limited purpose,
> >>>
> >>> I think you mean s/expected/intended/
> >> How about "assumed"?
> > We're both being overly passive. Who has the
> > expectation/intention/assumption.
> >
> > By "intended" I meant "intended by the manufacturer".
> > So, actually, any one of the three words is fine, if you can attribute the verb to
> > someone.
> 
> Ok, I think we might have to disagree.  The use of passive in this case
> is appropriate because the assumption is general and not attached to a
> single party.  Also, the following phrase – and the rest of the document
> – make clear who is doing what.

Sigh. You'll not convince me that passive voice is ever a good thing in a spec. 
A general assumption is pretty risky. It's a second order assumption: you're assuming that I assume. I'm reminded that the US has actually written laws about "intended use" because those assumptions were not necessarily shared.

Maybe it's just writing style.

Thanks,
Adrian

v2.23.0 | Report a Bug | By Email