Hi,
I have read this document and support its adoption here.

There’s one comment, maybe the authors can clarify this in the draft. I believe, though not widely used, I was recently involved in a talk about the usefulness of TLS session resumption in IoT implementations to improve session establishment efficiency and speed. As the resumption handshake would not carry the typical ClientHello parameters, how would the MUD IoT firewall profile such legitimate ingress with no specific profile parameters or indications in the handshake?

Probably this is expressed in ‘mud-tls-profile’ with an attribute such as “sessionTicket” : "T/F" or in “extension-types” indicating the possibility of such behaviour of the IoT device and let Firewall handle it in its implementation. Will help to get some clarity around this in the document.

Thanks
-Sandeep

> ---------- Forwarded message ---------
> From: Joe Clarke (jclarke) <[email protected]>
> Date: Wed, 2 Sep 2020 at 20:36
> Subject: [OPSAWG] CALL FOR ADOPTION: draft-reddy-opsawg-mud-tls
> To: opsawg <[email protected]>
>
>
> Hello, opsawg. This draft has undergone a number of revisions based on
> reviews and presentations at the last few IETF meetings. The authors feel
> they have addressed the issues and concerns from the WG in their latest
> posted -05 revision. As a reminder, this document describes how to use
> (D)TLS profile parameters with MUD to expose potential unauthorized
> software or malware on an endpoint.
>
> To that end, this serves as a two-week call for adoption for this work.
> Please reply with your support and/or comments by September 16, 2020.
>
> Thanks.
>
> Joe and Tianran
> _______________________________________________
> OPSAWG mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsawg
