Hi everyone,

I wanted to give a brief update on this draft. Right now we've resolved a lot of comments in our previous version. I am awaiting an update on draft-ietf-netmod-acl-model, which is undergoing revisions, as discussed in the last opsawg meeting. Once that has taken place I will rev the draft again.

At the same time, we have gotten some amount of experience in terms of generating config that we can share in the draft, much of which is common sense. And so, for instance, we would want to probably at least suggest or perhaps require that MUD files that are generated use "permit" parts of the ACLs to keep things simple at the beginning. Also, making use of IP addresses themselves in the ACL would be considered unfriendly, unless it's a multicast address. This is because the whole scaling function of MUD is to abstract those addresses out.

Beyond that, look for more before the last call cutoff.

Eliot
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
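
The two guidelines in the message above (permit-only ACEs, and no literal IP addresses unless multicast) written as a lint check over a MUD file's ACLs. This is an added example, not part of the original message or the draft. The JSON layout and leaf names follow the ietf-access-control-list encoding as later published, which is an assumption about the revision under discussion, and the sample MUD content is constructed.

```python
import ipaddress
import json

# Constructed sample. Layout (acls -> acl -> aces -> ace) is an assumption:
# it follows the published ACL model, not necessarily the draft revision discussed.
SAMPLE_MUD = json.loads("""
{
  "ietf-access-control-list:acls": {
    "acl": [{
      "name": "example-from-device",
      "aces": {"ace": [
        {"name": "cloud", "actions": {"forwarding": "accept"},
         "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "updates.example.com"}}},
        {"name": "pinned-host", "actions": {"forwarding": "accept"},
         "matches": {"ipv4": {"destination-ipv4-network": "192.0.2.10/32"}}},
        {"name": "mdns", "actions": {"forwarding": "accept"},
         "matches": {"ipv4": {"destination-ipv4-network": "224.0.0.251/32"}}},
        {"name": "block-all", "actions": {"forwarding": "drop"}, "matches": {}}
      ]}
    }]
  }
}
""")

PERMIT_ACTIONS = {"permit", "accept"}  # assumption: either spelling counts as "permit"
ADDRESS_LEAVES = ("source-ipv4-network", "destination-ipv4-network",
                  "source-ipv6-network", "destination-ipv6-network")

def lint_mud_acls(doc):
    """Return (acl, ace, message) findings for the two guidelines in the message."""
    findings = []
    for acl in doc.get("ietf-access-control-list:acls", {}).get("acl", []):
        for ace in acl.get("aces", {}).get("ace", []):
            where = (acl.get("name"), ace.get("name"))
            action = ace.get("actions", {}).get("forwarding")
            if action not in PERMIT_ACTIONS:
                findings.append((*where, f"non-permit action: {action}"))
            for family in ("ipv4", "ipv6"):
                match = ace.get("matches", {}).get(family, {})
                for leaf in ADDRESS_LEAVES:
                    if leaf not in match:
                        continue
                    # Literal addresses are tolerated only when multicast.
                    net = ipaddress.ip_network(match[leaf], strict=False)
                    if not net.is_multicast:
                        findings.append((*where, f"literal address in {leaf}: {net}"))
    return findings

if __name__ == "__main__":
    for finding in lint_mud_acls(SAMPLE_MUD):
        print(finding)
```

The DNS-name and multicast entries pass; the pinned unicast address and the drop rule are reported.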