Hi Christian, Just on this point:
On 28.02.2024 10:05, Christian Huitema wrote:
How do you know that a specific URL is a rollback? It looks easy when the example say "revision1" and "revision2", but I am sure there are cases where you cannot tell by just looking at the URL. You may be able to download the "old" and "new" URL, and check the date of the signature. But then, please describe the process so implementers are not confused.
The MUD manager should keep a history of bindings between devices and MUD-URLs. That's obviously only as secure as the binding of that URL to the device (I would also note that that is improving day-by-day).
Eliot
OpenPGP_0x87B66B46D9D27A33.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
