On 10/24/17 07:48, Eliot Lear wrote:
> I want to confirm this with the WG and the chairs.  I'm okay
> removing this if others are as well.  It's past WGLC and I am about
> to post -13. Objections?

This seems better for security and clarity with respect to other MUD
elements.  But does this break any current implementations?

Joe

> 
> On 10/24/17 12:02 AM, M. Ranganathan wrote:
>> Hello,
>> 
>> I am wondering about the utility of the actions part of the ACE.
>> 
>> In the latest MUD draft, I see "Appendix B : Default MUD nodes"
>> where it is suggested that one could, for example, set up to drop
>> packets to the DNS server by setting actions
>> 
>> 
>> "actions": { "forwarding": "drop" }
>> 
>> But this is only because there is a notion of default access in
>> MUD which assumes the IOT device is allowed to access DNS and NTP
>> by default, which now has to be overridden by a "drop" action.
>> This goes against the basic MUD working principle that everything
>> is denied unless explicitly stated. I am just voicing an opinion
>> here: Perhaps it would be less confusing if NTP and DNS were not
>> given any special treatment. It really does not save much by way
>> of length of the MUD file to explicitly state rules for them.
>> Perhaps it is a bit late to suggest this but may I suggest
>> removing the idea of default permit access to DNS and NTP. It
>> would simplify some things. Thanks, Regards, Ranga.
>> 
>> 
>> 
>> 
>> 
>> -- M. Ranganathan
>> 
>> 
>> _______________________________________________ OPSAWG mailing
>> list OPSAWG@ietf.org 
>> https://www.ietf.org/mailman/listinfo/opsawg

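Added example, not part of the original thread and not code from the MUD draft: a small evaluator contrasting the two semantics discussed above, implicit permit for DNS and NTP that only a "drop" action can override versus everything denied unless explicitly stated. The ACE layout, the first-match rule, and the names evaluate, audit, HTTPS_ONLY and HTTPS_NO_DNS are assumptions made for illustration; only the "actions"/"forwarding" keys come from the thread.

```python
# Simplified model of the two semantics discussed in this thread (constructed,
# not the MUD YANG/JSON schema): an ACE is a dict with "matches" and "actions".
DNS = ("udp", 53)
NTP = ("udp", 123)
IMPLICIT_DEFAULTS = {DNS, NTP}   # the "default access" notion under discussion


def evaluate(aces, flow, implicit_defaults):
    """Return 'accept' or 'drop' for flow = (protocol, dst_port).

    Assumption: the first matching ACE wins. With implicit_defaults=True, DNS
    and NTP are permitted when no ACE mentions them, so only a "drop" ACE can
    block them. With implicit_defaults=False, anything not explicitly accepted
    is dropped.
    """
    for ace in aces:
        m = ace["matches"]
        if (m["protocol"], m["dst_port"]) == flow:
            return ace["actions"]["forwarding"]
    if implicit_defaults and flow in IMPLICIT_DEFAULTS:
        return "accept"
    return "drop"


def audit(aces, flows, implicit_defaults):
    """List flows that are accepted without any ACE naming them."""
    named = {(a["matches"]["protocol"], a["matches"]["dst_port"]) for a in aces}
    return [f for f in flows
            if f not in named and evaluate(aces, f, implicit_defaults) == "accept"]


# Constructed sample policies for a device that only needs HTTPS.
HTTPS_ONLY = [{"matches": {"protocol": "tcp", "dst_port": 443},
               "actions": {"forwarding": "accept"}}]
HTTPS_NO_DNS = HTTPS_ONLY + [{"matches": {"protocol": "udp", "dst_port": 53},
                              "actions": {"forwarding": "drop"}}]
FLOWS = [("tcp", 443), DNS, NTP, ("tcp", 23)]

if __name__ == "__main__":
    for name, aces in (("HTTPS_ONLY", HTTPS_ONLY), ("HTTPS_NO_DNS", HTTPS_NO_DNS)):
        for mode in (True, False):
            verdicts = {f: evaluate(aces, f, mode) for f in FLOWS}
            print(name, "implicit_defaults=%s" % mode, verdicts,
                  "unnamed-but-accepted:", audit(aces, FLOWS, mode))
```

With implicit defaults, audit() reports flows that pass although the policy never names them, which is the reviewer-visible gap the proposal in the thread would close.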
