Interesting work, three questions:

1. Can the IoT device (D)TLS profile be disclosed to a malicious agent or IoT device? If not, how do you prevent this sensitive information from leaking?
2. Do you frequently update the DTLS profile disclosed to the IoT device to prevent a malicious agent from snooping?
3. How does the enterprise firewall use the DTLS profile to detect malicious flow or legitimate flow?

-Qin

From: OPSAWG [mailto:[email protected]] On Behalf Of tirumal reddy
Sent: July 8, 2019 22:03
To: [email protected]; [email protected]
Subject: [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt

This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 discusses a Manufacturer Usage Description (MUD) extension to model (D)TLS profile on IoT devices. This allows a firewall to notice abnormal DTLS or TLS usage, which has been a strong indicator of other software running on the endpoint, typically malware.

Comments, suggestions, and questions are more than welcome.

Cheers,
-Tiru

---------- Forwarded message ---------
From: <[email protected]>
Date: Mon, 8 Jul 2019 at 19:18
Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt
To: Tirumaleswar Reddy <[email protected]>, Dan Wing <[email protected]>

A new version of I-D, draft-reddy-opswg-mud-tls-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name: draft-reddy-opswg-mud-tls
Revision: 00
Title: MUD (D)TLS profiles for IoT devices
Document date: 2019-07-08
Group: Individual Submission
Pages: 16
URL: https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt
Status: https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/
Htmlized: https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls

Abstract:
This memo extends Manufacturer Usage Description (MUD) to model DTLS and TLS usage. This allows a network element to notice abnormal DTLS or TLS usage which has been a strong indicator of other software running on the endpoint, typically malware.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
