Rob Wilton (rwilton) wrote:
> The TL;DR is I think that your latest changes are good and I’ll send
> -12 to IETF LC.
I think that I got the rest of your nits as well in the version I posted
yesterday.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software
Hi Michael,
The TL;DR is I think that your latest changes are good and I’ll send -12 to
IETF LC.
When checking the changes, diff, 3 minor nits:
1. “a IP address literal in the URL” to “an IP …
1. I still think “inprotocol” should be something else, perhaps “within the
protocol”.
{noting that you reviewed -08, and we are up to -10 since, so some of
your comments/text are no longer applicable}
Rob Wilton (rwilton) wrote:
> I’ve just re-reviewed -10. I still think that the English needs to be cleaned
> up further. I know that the RFC editor would likely find and fix
some situations that may be
significant, particularly if unencrypted WiFi is used.
Warning: Did you mean Wi-Fi? (This is the officially approved term by the
Wi-Fi Alliance.)
Suggested change: "Wi-Fi"
Regards,
Rob
From: Toerless Eckert
Date: Thursday, 26 October 2023 at 23:21
To:
> Thanks for the clarification, Michael. I believe my confusion comes from the
> following paragraph:
"
While subsequent connections to the same site (and subsequent packets
in the same flow) will not be affected if the results are cached, the
effects will be felt. The ACL results can be
ect.
-Qin
-Original Message-
From: Michael Richardson [mailto:mcr+i...@sandelman.ca]
Sent: 1 November 2023 22:56
To: Qin Wu
Cc: Eliot Lear ; Rob Wilton (rwilton)
; opsawg@ietf.org;
draft-ietf-opsawg-mud-iot-dns-considerati...@ietf.org
Subject: Re: [OPSAWG] AD review of draft-ietf-opsawg-mud-iot-dns-consideration
Qin Wu wrote:
> Hi Michael: If my interpretation is correct, the mapping between IP
> address and Name is only valid for specific session or connection, when
I don't understand your comment.
The policy might say, "permit TCP port 1245 to example.com"
In order to enact this policy, the
-opsawg-mud-iot-dns-considerati...@ietf.org
Subject: Re: [OPSAWG] AD review of draft-ietf-opsawg-mud-iot-dns-considerations-08
Eliot Lear wrote:
> On 23.10.2023 17:27, Michael Richardson wrote:
>> Maybe someone else can explain it back to me in a better way.
> The funda
On Thu, Oct 26, 2023 at 05:49:08PM -0400, Michael Richardson wrote:
> > Sure, but that DNSSEC issue equally applies to TLS proxies, right ?
> > DNSSEC is not mentioned in the docs paragraphs discussing TLS.
>
> TLS proxies do not change/break DNS(SEC).
> They "attack" at the TCP layer (in
Toerless Eckert wrote:
>> > If this geofenced is what I think, then I don't believe it is a valid
>> > argument:
>>
>> > The draft outlines how TLS proxying does not work with 1.3
>> > anymore. However, TCP and UDP proxying would still work, as long as
>> > servers do not
On Thu, Oct 26, 2023 at 09:43:57AM -0400, Michael Richardson wrote:
>
> Toerless Eckert wrote:
> > Randomly jumping into the discussion, probably too late for any
> > impact, but:
>
> > I am not quite sure what section 6.4 "geofenced names" exactly means, an
> > RFC reference
Toerless Eckert wrote:
> Randomly jumping into the discussion, probably too late for any
> impact, but:
> I am not quite sure what section 6.4 "geofenced names" exactly means, an
> RFC reference would help. Also a reference for the described problems.
I see that it's not in
Randomly jumping into the discussion, probably too late for any impact, but:
I am not quite sure what section 6.4 "geofenced names" exactly means, an RFC
reference would help. Also a reference for the described problems.
If this geofenced is what I think, then I don't believe it is a valid
Eliot Lear wrote:
> On 23.10.2023 17:27, Michael Richardson wrote:
>> Maybe someone else can explain it back to me in a better way.
> The fundamental issue is this:
> * If you are permitting an IP address in an ACL based on a name in a
> MUD file, the mapping to that
On 23.10.2023 17:27, Michael Richardson wrote:
Maybe someone else can explain it back to me in a better way.
The fundamental issue is this:
* If you are permitting an IP address in an ACL based on a name in a
MUD file, the mapping to that address is valid for the greater of
the TTL on
Rob Wilton (rwilton) wrote:
>> > (14) p 4, sec 3.1.1. Too slow
>>
>> > While subsequent connections to the same site (and subsequent packets
>> > in the same flow) will not be affected if the results are cached, the
>> > effects will be felt. The ACL results can be cached
The changes I made based upon your comments are at:
https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-iot-dns-considerations/pull/12
I've merged it to make/post -10, but if you have further comments and want to
suggest other changes in the github, please go ahead.
Hi,
I've been through the issues that I opened last Wednesday.
The pull requests are:
https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-iot-dns-considerations/pull/11
https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-mud-iot-dns-considerations/pull/10
AD review of draft-ietf-opsawg-mud-iot-dns-considerations-08
>
>
> > (10) p 12, sec 7. Privacy Considerations
>
> > The use of DoT and DoH eliminates the minimizes threat from passive
> > eavesdropped, but still exposes the list to the operator of the DoT
Wilton (rwilton)
> Cc : opsawg@ietf.org; draft-ietf-opsawg-mud-iot-dns-
> considerati...@ietf.org
> Subject: Re: [OPSAWG] AD review of draft-ietf-opsawg-mud-iot-dns-
> considerations-08
>
>
>
> > (7) p 11, sec 6.5. Prefer DNS servers learnt from DHCP/Route
>
Rob Wilton (rwilton) wrote:
> I've also run the text
> through a grammar checker which may highlight potential additional
> changes, but can also have some false positives (MCR, please can you
> check these).
okay.
> Minor level comments:
> (1) p 2, sec 1.
Thank you for the comments, I'll try to get a new document out next week.
I'm sorry that the grammar was poor, and I'll re-edit again.
--
Michael Richardson. o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
Hi,
Here is my AD review of draft-ietf-opsawg-mud-iot-dns-considerations-08.
I found quite a few cases where the grammar is incorrect, which I find somewhat
distracting and makes the document harder to review for technical
content/correctness. I've flagged as many of these that I can in my