On 10/24/17 2:48 PM, Joe Clarke wrote:
> On 10/24/17 07:48, Eliot Lear wrote:
> > I want to confirm this with the WG and the chairs. I'm okay
> > removing this if others are as well. It's past WGLC and I am about
> > to post -13. Objections?
>
> This seems better for security and clarity with respect to other MUD
> elements. But does this break any current implementations?

This is a draft. The underlying model has changed, so this is small
potatoes.

Eliot

> Joe
>
> > On 10/24/17 12:02 AM, M. Ranganathan wrote:
> >> Hello,
> >>
> >> I am wondering about the utility of the actions part of the ACE.
> >>
> >> In the latest MUD draft, I see "Appendix B : Default MUD nodes"
> >> where it is suggested that one could, for example, set up to drop
> >> packets to the DNS server by setting actions
> >>
> >> "actions": { "forwarding": "drop" }
> >>
> >> But this is only because there is a notion of default access in
> >> MUD which assumes the IOT device is allowed to access DNS and NTP
> >> by default, which now has to be overridden by a "drop" action.
> >> This goes against the basic MUD working principle that everything
> >> is denied unless explicitly stated. I am just voicing an opinion
> >> here: Perhaps it would be less confusing if NTP and DNS were not
> >> given any special treatment. It really does not save much by way
> >> of length of the MUD file to explicitly state rules for them.
> >>
> >> Perhaps it is a bit late to suggest this but may I suggest
> >> removing the idea of default permit access to DNS and NTP. It
> >> would simplify some things.
> >>
> >> Thanks,
> >> Regards,
> >> Ranga.
> >>
> >> --
> >> M. Ranganathan
> >>
> >> _______________________________________________
> >> OPSAWG mailing list
> >> OPSAWG@ietf.org
> >> https://www.ietf.org/mailman/listinfo/opsawg
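
The default-access behaviour discussed in this thread, as an added example that is not part of the original messages or of the MUD draft: a first-match ACE evaluator showing that, with implicit DNS/NTP permits, a device loses DNS access only when its MUD file carries an explicit drop ACE, while without those defaults plain deny-by-default is enough. Only the "actions": { "forwarding": ... } form comes from the thread; the proto/dst_port match fields, the ports 53 and 123, first-match evaluation and all names are assumptions made for illustration.

```python
# Added illustration; simplified ACE shape, not the MUD/ACL YANG schema.
# Assumptions: first-match evaluation, DNS = UDP/53, NTP = UDP/123.

def ace(name, proto, dst_port, forwarding):
    """Build a constructed ACE; only the 'actions' form is from the thread."""
    return {"name": name,
            "matches": {"proto": proto, "dst_port": dst_port},
            "actions": {"forwarding": forwarding}}

# Implicit ACEs assumed to be appended under the "default access" model.
DEFAULT_ACES = [
    ace("default-dns", "udp", 53, "accept"),
    ace("default-ntp", "udp", 123, "accept"),
]

def evaluate(mud_aces, packet, implicit_defaults):
    """Return (decision, matching ACE name) for a packet under first match."""
    aces = list(mud_aces) + (DEFAULT_ACES if implicit_defaults else [])
    for entry in aces:
        if entry["matches"] == packet:
            return entry["actions"]["forwarding"], entry["name"]
    return "drop", "implicit-deny"  # nothing matched: denied

def effective_policy(mud_aces, implicit_defaults):
    """Summarise the decision for a few constructed sample flows."""
    flows = {"dns": {"proto": "udp", "dst_port": 53},
             "ntp": {"proto": "udp", "dst_port": 123},
             "https": {"proto": "tcp", "dst_port": 443}}
    return {k: evaluate(mud_aces, p, implicit_defaults)[0]
            for k, p in flows.items()}

# Constructed MUD file contents: the manufacturer lists only HTTPS.
https_only = [ace("cloud-https", "tcp", 443, "accept")]
# Same file plus the explicit override the thread describes.
https_no_dns = https_only + [ace("block-dns", "udp", 53, "drop")]

if __name__ == "__main__":
    for label, aces in (("https_only", https_only),
                        ("https_no_dns", https_no_dns)):
        for defaults in (True, False):
            print(label, "defaults" if defaults else "no-defaults",
                  effective_policy(aces, defaults))
```
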