On 10/24/17 2:48 PM, Joe Clarke wrote: > On 10/24/17 07:48, Eliot Lear wrote: > > I want to confirm this with the WG and the chairs. I'm okay > > removing this if others are as well. It's past WGLC and I am about > > to post -13. Objections? > > This seems better for security and clarity with respect to other MUD > elements. But does this break any current implementations?
This is a draft. The underlying model has changed, so this is small
potatos.
Eliot
>
> Joe
>
>
> > On 10/24/17 12:02 AM, M. Ranganathan wrote:
> >> Hello,
> >>
> >> I am wondering about the utility of the actions part of the ACE.
> >>
> >> In the latest MUD draft, I see "Appendix B : Default MUD nodes"
> >> where it is suggested that one could, for example, set up to drop
> >> packets to the DNS server by setting actions
> >>
> >>
> >> "actions": { "forwarding": "drop" }
> >>
> >> But this is only because there is a notion of default access in
> >> MUD which assume the IOT device isallowed to access DNS and NTP
> >> by default, which now has to be overriden by a "drop" action.
> >> This goes aginst the basic MUD working principle that everything
> >> is denied unless explictly stated. I am just voicing an opinon
> >> here : Perhaps it would be less confusing if NTP and DNS were not
> >> given any special treatment. It really does not save much by way
> >> of length of the MUD file to explicitly state rules for them
> >> Perhaps it is a bit late to suggest this but may I suggest
> >> removing the idea of default permit access to DNS and NTP. It
> >> would simplify some things. Thanks, Regards, Ranga.
> >>
> >>
> >>
> >>
> >>
> >> -- M. Ranganathan
> >>
> >>
> >> _______________________________________________ OPSAWG mailing
> >> list OPSAWG@ietf.org
> >> https://www.ietf.org/mailman/listinfo/opsawg
>
>
>
> > _______________________________________________ OPSAWG mailing
> > list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
>
>
>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
