On 2/29/2024 4:49 PM, Michael Richardson wrote:
Eliot Lear <l...@lear.ch> wrote:
> The data we are talking about scales to number of devices X number of
> MUD-URL changes. This can further be reduced by whether or not the MUD
> file actually exists. These are not large #s in the home, and in the
> enterprise, we have iron for such cases.
Also, if you have 1000 instances of device-type X, then one could put all the
potential MUD-URLs into a single table, and then reference them from the
device X definition. That is, 3rd normal form it, and do data deduplication.
Such a table also can keep one from retrieving the same MUD file (and
signature) 1000 times.
If you really had a problem with the number of URLs stored, which I don't
think anyone will really have.
I don't think we need to keep track of malicious URLs that we ignored.
Yes, I realize that this scales as the number of device types, not the
number of devices, times the number of valid URL revisions per type, not
the number of attack URL. So, you are right, this should be manageable.
I did approve your PR on GitHub.
-- Christian Huitema
_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
