Hi authors, all,

I've read the draft and I support adoption. This draft is useful for network elements, e.g., firewalls, to identify and prevent the unintended usage of (D)TLS encryption, which will help increase security, especially in Enterprise networks. The unexpected usage of (D)TLS can include two aspects: one is using the old version or weak algorithms, the other is communicating with unauthorized servers. I'm glad to see this draft has covered these two aspects.

Two comments:

1. The 'application-protocols' defined in the YANG module is string-type; can it be defined in a more accurate way, like port numbers or enumerations? Because I think different entities may have different interpretations of the strings.
2. It is indeed a problem if the updates of the MUD file can't follow the pace of the updates of IoT devices. This draft has considered this problem in some places, but I think it's better to outline this problem separately and systematically.

Regards & Thanks!
Wei Pan

-----Original Message-----
From: OPSAWG [mailto:[email protected]] On Behalf Of Joe Clarke (jclarke)
Sent: Wednesday, September 2, 2020 11:06 PM
To: opsawg <[email protected]>
Subject: [OPSAWG] CALL FOR ADOPTION: draft-reddy-opsawg-mud-tls

Hello, opsawg.

This draft has undergone a number of revisions based on reviews and presentations at the last few IETF meetings. The authors feel they have addressed the issues and concerns from the WG in their latest posted -05 revision.

As a reminder, this document describes how to use (D)TLS profile parameters with MUD to expose potential unauthorized software or malware on an endpoint.

To that end, this serves as a two-week call for adoption for this work. Please reply with your support and/or comments by September 16, 2020.

Thanks.

Joe and Tianran

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
