Re: [TLS] [OPSAWG] CALL FOR ADOPTION: draft-reddy-opsawg-mud-tls

Eliot Lear <lear@cisco.com> Sun, 20 September 2020 08:35 UTC

From: Eliot Lear <lear@cisco.com>
In-Reply-To: <20200911114054.184988dc@totoro.tlrmx.org>
Date: Sun, 20 Sep 2020 10:35:46 +0200
Cc: tirumal reddy <kondtir@gmail.com>, opsawg <opsawg@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>
Message-Id: <FF4995F8-53F1-450B-A305-A095A7BAE057@cisco.com>
References: <21BA8D05-DD83-44DE-81B9-457692484CAD@cisco.com> <053b286e-4780-1818-a79d-71b9c967bbd2@sandelman.ca> <CAHbrMsANEA4omTm5dPYLN9zGde2YdT_71ujpBcCEer_xSkPhbw@mail.gmail.com> <CAFpG3gepojPJoK8W+o9Qr66gPSUqHY+sDX-v+-fuwcM9Y56C_g@mail.gmail.com> <20200911114054.184988dc@totoro.tlrmx.org>
To: Nick Lamb <njl@tlrmx.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PLPbIsDBdhnSGp4WWVkC58trrD4>


> On 11 Sep 2020, at 12:40, Nick Lamb <njl@tlrmx.org> wrote:
> 
> On Fri, 11 Sep 2020 12:32:03 +0530
> tirumal reddy <kondtir@gmail.com> wrote:
> 
>> The MUD URL is encrypted and shared only with the authorized
>> components in the network. An attacker cannot read the MUD URL and
>> identify the IoT device. Otherwise, it provides the attacker with
>> guidance on what vulnerabilities may be present on the IoT device.
> 
> RFC 8520 envisions that the MUD URL is broadcast as a DHCP option and
> over LLDP without - so far as I was able to see - any mechanism by which
> it should be meaningfully "encrypted" as to prevent an attacker on your
> network from reading it.

That’s a bit of an overstatement.  RFC 8520 specifies a component architecture.  It names three ways of emitting a URL (DHCP, LLDP, 802.1X w/ certificate).  Two other mechanisms have already been developed (QR code, Device Provisioning Protocol), and a 3rd new method is on the way for cellular devices.

I would not universally claim that a MUD URL is secret but neither would I claim it is not.  The management tooling will know which is which, as will the manufacturer, and can make decisions accordingly.

This having been said, it seems to me we are off on the wrong foot here.  The serious argument that needs to be addressed is Ben’s and EKR's.  We have to be careful about ossification.

Eliot