Yangjie (Jay, IP Standard) <[email protected]> wrote: > But perhaps in some scenarios, like mud server moved for follow-up > maintenance, this current acceptable URL will be changed.
If the MUD server needs to be moved, then the DNS can be updated to point
toward a replacement server. And/or 301/302/307/.. redirects are usually
followed.
As long as the signature on the MUD file still validates, any location is okay.
So I don't think that this is a reasonable concern.
> So Can we specify the fixed parts and variable in Root URL clearly in
> the generation rule initially? I think this solution will be more
> general.
I think this just makes it more complicated for the validator, which means
that it will have more bugs and take more words to explain properly.
> Here, the fixed parts can be be the right of the last "/" in the root
> URL, like your draft's description, also can be some invariable
> attributes like manufacture and devices, which can be convert to some
> parts of standard URL. And this fixed parts can be built-in initial
> certification, used as the trust basis for the final valid URL.
Can you give me an example of what you mean?
> The variable parts can be get from device storage, or from some file in
> this device. I think, this MUD URL updating mechanism is more
> flexible.
> By the way, introduction on ACL and DNS in the beginning of this draft,
may be no need.
Could be.
The WG could provide some feedback about how much introduction we need.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
