Ben Schwartz <bemasc=40google....@dmarc.ietf.org> wrote: > solution would be to recommend against this permission, and introduce a new > one that provides explicit coupling between DNS resolution, transport > setup, and the MUD gateway (e.g. using a SOCKS5 proxy).
The MUD controller is a thing that programs ACLs into a standard gateway. I don't think we have a "MUD gateway" in any of the architectures. Yes, it would be a great idea if such a thing was deployable. Which currently shipping home routers include SOCKS5 proxy? Is SOCKSv5 it a standard part of MATTER, or Google Fiber, or Xfinity, or free.fr routers? How would the IoT device negotiate the authentication for the firewall traversal, if that was part of the SOCKSv5? It would be totally awesome if IoT vendors could rely on that? Unfortunately, recommending against urn:ietf:params:mud:dns is recommending against RFC8520. -- Michael Richardson <mcr+i...@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg