Hi Eliot,

I am definitely interested in a MUD controller RFC and would be glad to help in its definition. It would be nice to see some clear definition on how to interact with a MUD controller - i.e. a YANG model such as this one would make sense to include. Another item to consider in such an RFC would be MUD controller discovery (maybe a DNS SRV record can be defined).

Thanks,

Ranga

On Wed, Sep 20, 2017 at 8:05 AM, Eliot Lear <[email protected]> wrote:

> Hi Ranga,
>
> I think this makes sense for a MUD controller YANG model, but doesn't do well in a MUD file itself. We stop short of that in the document, for fear of boiling the ocean, but I would happily do some follow-up work with you that would include this, if you're interested. The model *is* structured so that you can "use" appropriate elements.
>
> Eliot
>
> On 9/20/17 4:22 AM, M. Ranganathan wrote:
>
> Hi Eliot,
>
> Attached is a proposed YANG file that defines a device to MUD association. May I suggest words to the following effect:
>
> Implementations MAY choose to implement a mapping between a MUD URL and a device identifier. Such a mapping may be communicated to the MUD controller, which can then install access control rules based on a previously retrieved MUD file. The mapping must conform to the YANG specification below.
>
> How does this sound? Thanks.
>
> On Tue, Sep 19, 2017 at 5:39 PM, Eliot Lear <[email protected]> wrote:
>
>> Hi Ranga,
>>
>> The way we did the early code on github was just with FreeRadius and leveraging sessions which are indexed precisely by MAC address. And so the MUD Controller functionality sits next to FreeRadius through callouts. I don't think we want to get that specific in the draft, and there are others who don't want to bother with Radius at all in their implementations but would just assume use other control functions. And that's fine. In fact, you could build the functionality into a DHCP server, which I did in my first implementation. So I'm not quite sure what to write. Suggestions welcome ;-)
>>
>> Eliot
>>
>> ps: thanks for kinking out the example. Chairs, I'll submit an updated draft with the example corrected.
>>
>> On 9/19/17 10:10 PM, M. Ranganathan wrote:
>>
>> Hello!
>>
>> MUD profiles are globally identified by the MUD URL. Devices are identified by a global Identifier (e.g. MAC address).
>>
>> In implementing this, I need to associate a specific MUD profile with a specific device.
>>
>> Would the authors consider it within scope to provide some guidance on this (for example a simple YANG model that provides the structure of a JSON document that can give such a mapping)?
>>
>> Thanks for reading.
>>
>> Ranga.
>>
>> --
>> M. Ranganathan
>>
>> _______________________________________________
>> OPSAWG mailing
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/opsawg
>
> --
> M. Ranganathan

--
M. Ranganathan

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
