I like how this is evolving ... few things Few small things ....
If you use CMS, I think you need to deal with how the JSON in canonicalized before being signed. I will suggest that the standards the IETF created for signing JSON would be a better choice for signing JSON than CMS - that's how most other JSON based stuff does it. Putting the last updated and cache validity in the file may not be a good plan. More importantly putting it inside the stuff that is singed seems problematic. The "ietf-mud:direction" stuff seems a bit under specified. Does from-device mean that if the device imitates the flow, responses to the flow also need to flow to the device? It seems like the ietf-netmod-acl-model draft might be a better place to specify this. Use of "ietf-mud" as prefix in the JSON for "ietf-mud:direction" is not how JSON typically does this. You don't need a namespace because we know this is a mud file thus know the namespace. A big reason some people moved from XML to JSON was exactly to get rid of namespace. It's not a great practice to put ":" in the names of json attributes because the way people use them in some languages often have them unquoted which you can't do if there is a : in the name. You can do it, but "-" or "_" might be better than ":" here. It would be great to have an simple example JSON file in the introduction instead of (as well as a complete example in section 6) PS this as a PS because I view the odds of anything changing here to be about zero but from the peanut gallery ... The JSON for the MUD file is hideous. It's crap like this from the IETF that causes people to go no, thanks, I'll just made a standard on github with some open source. It as awful as Cisco's IOS CLI. Wait, it is the IOS CLI moved to have lots of angles brackets then translated to be JSON. If you were designing a JSON representation to describe the network flows of a device, this is not what it would be. _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
