On 2/28/2024 2:15 AM, Eliot Lear wrote:
> Hi Christian,
>
> Just on this point:
>
> On 28.02.2024 10:05, Christian Huitema wrote:
>> How do you know that a specific URL is a rollback? It looks easy when
>> the examples say "revision1" and "revision2", but I am sure there are
>> cases where you cannot tell by just looking at the URL. You may be
>> able to download the "old" and "new" URL, and check the date of the
>> signature. But then, please describe the process so implementers are
>> not confused.
>
> The MUD manager should keep a history of bindings between devices and
> MUD-URLs. That's obviously only as secure as the binding of that URL to
> the device (I would also note that that is improving day-by-day).

I am not entirely convinced. This looks like keeping logs, keeping them
online, and accessing them in real-time. That can be challenging in many
environments. I would prefer that the draft be updated to present the
"play old URL back" issue, and then that this log-based rule be proposed
as one of the possible solutions. If I was implementing this, I would
probably prefer some kind of real-time mitigation.

-- Christian Huitema
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
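
The binding history discussed in this thread, sketched as an added example that is not part of the original messages or of any MUD manager's code. The `BindingHistory` class, the table layout, the verdict strings, the device identifier and the sample URLs are all assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema: one row per (device, MUD-URL) ever bound, in order seen.
SCHEMA = """CREATE TABLE IF NOT EXISTS binding (
    device_id TEXT NOT NULL,
    seq       INTEGER NOT NULL,
    mud_url   TEXT NOT NULL,
    PRIMARY KEY (device_id, seq),
    UNIQUE (device_id, mud_url))"""


class BindingHistory:
    """Per-device history of MUD-URLs kept by a MUD manager (illustrative)."""

    def __init__(self, path=":memory:"):
        # A file path instead of ":memory:" keeps the history across restarts.
        self.db = sqlite3.connect(path)
        self.db.execute(SCHEMA)

    def check(self, device_id, mud_url):
        """Classify the URL a device presents against what it presented before."""
        rows = self.db.execute(
            "SELECT seq, mud_url FROM binding WHERE device_id = ? ORDER BY seq",
            (device_id,)).fetchall()
        if rows and rows[-1][1] == mud_url:
            return "unchanged"          # same URL as the current binding
        if any(url == mud_url for _, url in rows):
            return "rollback"           # superseded URL replayed: do not rebind
        # A URL never seen for this device is accepted as the new binding.
        # The history alone cannot tell whether it is really newer; that still
        # rests on how securely the URL is bound to the device.
        next_seq = rows[-1][0] + 1 if rows else 1
        with self.db:
            self.db.execute("INSERT INTO binding VALUES (?, ?, ?)",
                            (device_id, next_seq, mud_url))
        return "updated" if rows else "first-seen"


def demo():
    # Constructed sample data: the URLs carry no visible revision number,
    # so only the stored history reveals which one is the older binding.
    history = BindingHistory()
    old = "https://mud.example.com/lamp/a7f3.json"
    new = "https://mud.example.com/lamp/c91e.json"
    return [history.check("device-01", u) for u in (old, old, new, new, old)]


if __name__ == "__main__":
    print(demo())
```
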