Hi Wei,

Thanks for the feedback. Please see inline.

On Fri, 11 Sep 2020 at 09:43, Panwei (William) <[email protected]> wrote:

> Hi authors, all,
>
> I've read the draft and I support adoption. This draft is useful for the
> network element, e.g., firewalls, to identify and prevent the unintended
> usage of (D)TLS encryption, which will help increase the security
> especially in the Enterprise networks. The unexpected usage of (D)TLS can
> include two aspects, one is using the old version or weak algorithms, the
> other is communicating with unauthorized servers. I'm glad to see this
> draft has covered these two aspects.
>
> Two comments:
> 1. The 'application-protocols' defined in the YANG module is string-type,
> can it be defined in a more accurate way, like port numbers or enumerations?

MUD ACL rules can already include port numbers (see https://tools.ietf.org/html/rfc8520#section-9).

> Because I think different entities may have different interpretations of
> the strings.
> 2. It is indeed a problem if the updates of the MUD file can't follow the
> pace of the updates of IoT devices. This draft has considered this problem
> in some places, but I think it's better to outline this problem separately
> and systematically.
>

Sure, we will update the draft. You may also want to look into https://datatracker.ietf.org/doc/html/draft-richardson-opsawg-mud-acceptable-urls-01, it can help with rapidly updating the (D)TLS profile as new firmware is installed.

Cheers,
-Tiru

>
> Regards & Thanks!
> Wei Pan
>
> -----Original Message-----
> From: OPSAWG [mailto:[email protected]] On Behalf Of Joe Clarke
> (jclarke)
> Sent: Wednesday, September 2, 2020 11:06 PM
> To: opsawg <[email protected]>
> Subject: [OPSAWG] CALL FOR ADOPTION: draft-reddy-opsawg-mud-tls
>
> Hello, opsawg. This draft has undergone a number of revisions based on
> reviews and presentations at the last few IETF meetings. The authors feel
> they have addressed the issues and concerns from the WG in their latest
> posted -05 revision. As a reminder, this document describes how to use
> (D)TLS profile parameters with MUD to expose potential unauthorized
> software or malware on an endpoint.
>
> To that end, this serves as a two-week call for adoption for this work.
> Please reply with your support and/or comments by September 16, 2020.
>
> Thanks.
>
> Joe and Tianran
> _______________________________________________
> OPSAWG mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsawg
>
> _______________________________________________
> OPSAWG mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsawg
>
