Hi Eliot,
Adding device information (manufacturer/device-type etc.) in the MUD file provides
visibility in the network, in addition to policy.
If visibility is not that important for MUD, we could have it as optional
parameters.
IMHO, it's important because MUD will not be the only policy for the device and
if the admin has to apply other policies, he/she needs to know what the device is.
The device manufacturer is the most reliable source of information about
the device.
Based on your comment:
> Yes, there is. If the MUD-URL is "burned in" via 802.1AR and the
> software can be updated, then one oughtn't provide software
> information for the simple reason that it would be most likely
> wrong. Hardware info? Sure. Software when using DHCP or LLDP?
> Sure. But otherwise no.
For this, it's important that we have a version number in the MUD URL, either as
v1, v2 or the <software version> itself.
The device description and access policy may change when the software is upgraded. A
newly released device with a different software version may have a different
access pattern compared to an older version of the device.
The MUD file is a static file, and in a static-file-serving web server like Apache
(or even an object store like AWS S3) it is most likely to be stored on
disk (or in the object store) at the path <</.well-known/mud/model>>.
The MUD file would be read directly from the disk path when the file is served to
the requester.
It's going to be very difficult to host multiple policy files for the same
model unless we have a way to distinguish them in the URL itself.
If we have the software version in the URL, we do not need to have it in the file.
Two different software versions (therefore different URLs) could point to the
same MUD file, if there is a need for that.
This mapping can be done fairly easily inside a web server.
Thanks,
Saswat
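As an added illustration of the URL-versioning idea in the message above (example code added here, not anything from the thread or from the MUD draft): a small resolver that takes a MUD URL carrying a software version, validates it, and maps it to the static file a web server would serve. The "/.well-known/mud/<model>/<version>" layout, the host names, the file paths and the catalog are all assumptions made for the example; the catalog shows two software versions sharing one MUD file while a third version gets its own, which is the mapping the message says a web server can do.

```python
"""Resolve a versioned MUD URL to a static file on the web server.

Added example, not code from the thread or the MUD draft. It assumes a URL
layout of /.well-known/mud/<model>/<version> and a constructed catalog
mapping each (model, version) pair to a file on disk.
"""
import posixpath
from urllib.parse import urlparse

MUD_PREFIX = "/.well-known/mud/"

# Constructed catalog: model -> {software version -> MUD file on disk}.
# Versions v1 and v2 of "sensor-x" share a file because the access policy did
# not change; v3 introduced a different access pattern and gets its own file.
CATALOG = {
    "sensor-x": {
        "v1": "/srv/mud/sensor-x-v1.json",
        "v2": "/srv/mud/sensor-x-v1.json",  # same policy, same file
        "v3": "/srv/mud/sensor-x-v3.json",
    },
}


def parse_mud_url(url):
    """Return (model, version) from an https MUD URL, or raise ValueError."""
    parts = urlparse(url)
    if parts.scheme != "https":
        raise ValueError("MUD URLs must use https")
    # Normalise the path first so '..' segments cannot escape the MUD prefix
    # when the result is later turned into a file path.
    path = posixpath.normpath(parts.path)
    if not path.startswith(MUD_PREFIX):
        raise ValueError("not a MUD URL path")
    segments = path[len(MUD_PREFIX):].split("/")
    if len(segments) != 2 or not all(segments):
        raise ValueError("expected /.well-known/mud/<model>/<version>")
    return segments[0], segments[1]


def resolve(url, catalog=CATALOG):
    """Map a versioned MUD URL to the file to serve; None if unknown/invalid.

    An unknown model or version returns None rather than a guessed file, so a
    device running software the manufacturer never published a policy for is
    not silently given another version's policy.
    """
    try:
        model, version = parse_mud_url(url)
    except ValueError:
        return None
    return catalog.get(model, {}).get(version)


if __name__ == "__main__":
    for u in ("https://example.com/.well-known/mud/sensor-x/v1",
              "https://example.com/.well-known/mud/sensor-x/v2",
              "https://example.com/.well-known/mud/sensor-x/v3",
              "https://example.com/.well-known/mud/sensor-x/v9"):
        print(u, "->", resolve(u))
```

The same mapping can be expressed as rewrite rules in Apache or nginx; the point of the resolver is that the version lives in the URL, so the files themselves stay static and need no software version inside them.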
On 1/26/18, 2:05 AM, "Joe Clarke (jclarke)" <[email protected]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 1/24/18 06:24, Eliot Lear wrote:
>
>
> On 24.01.18 12:20, Joe Clarke wrote:
>> Is there a reason why they wouldn't be mandatory? Seems like
>> these data would be readily available and having them would make
>> a number of use cases possible.
>
> Yes, there is. If the MUD-URL is "burned in" via 802.1AR and the
> software can be updated, then one oughtn't provide software
> information for the simple reason that it would be most likely
> wrong. Hardware info? Sure. Software when using DHCP or LLDP?
> Sure. But otherwise no.
Fair, but why not mandatory then for device-type, model-number, and
manuf-name?
Joe
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTMiWQHc8wChijkr7lvaI+K/hTPhwUCWmr9TwAKCRBvaI+K/hTP
h4UhAJ9C7cFxWuDxndYipyAFnunsWUrllQCfRhK/8Gnk4t7YMM26hCsxUCt3rVY=
=eEtq
-----END PGP SIGNATURE-----
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg