Hi, Michael, Introducing root MUD URL is a good way for authorized updating, and is the firstly initially inside devices, which can fetch the version-0 mud file.
But perhaps in some scenarios, like mud server moved for follow-up maintenance, this current acceptable URL will be changed. So Can we specify the fixed parts and variable in Root URL clearly in the generation rule initially? I think this solution will be more general. Here, the fixed parts can be be the right of the last "/" in the root URL, like your draft's description, also can be some invariable attributes like manufacture and devices, which can be convert to some parts of standard URL.. And this fixed parts can be built-in initial certification, used as the trust basis for the final valid URL. The variable parts can be get from device storage, or from some file in this device. I think, this MUD URL updating mechanism is more flexible. By the way, introduction on ACL and DNS in the beginning of this draft, may be no need. Best Regards, Jay.
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
