Re: [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt
Hi Qin,

Please see inline

On Tue, 9 Jul 2019 at 08:30, Qin Wu wrote:

> Interesting work, three questions:
>
> 1. Can the IoT device (D)TLS profile be disclosed to malicious agent or
> IoT device? If not, how do you prevent this sensitive information leaking?

It is not sensitive information; on-path network devices can inspect or monitor the TLS handshake without acting as a TLS proxy. In TLS 1.3, ClientHello message is not encrypted and few parameters in the ServerHello message are still visible (such as the chosen cipher).

> 2. Do you frequently update DTLS profile disclosed to IoT device to
> prevent malicious agent from snooping?

No, malware frequently uses its own libraries (SSL config) for its activities, and malware developers will have to develop malicious agents per IoT device type, manufacturer and model (which will be several thousands and practically not possible).

> 3. How does enterprise firewall use DTLS profile to detect malicious
> flow or legitimate flow?

If (D)TLS session from the IoT device violates MUD (D)TLS profile, firewall detects the flow is malicious and blocks it. As you may know, Enterprise firewalls inspect TLS handshake and are capable of acting as a (D)TLS proxy (please see https://tools.ietf.org/html/draft-camwinget-tls-use-cases-05).

Cheers,
-Tiru

> -Qin
>
> *From:* OPSAWG [mailto:opsawg-boun...@ietf.org] *On Behalf Of* tirumal reddy
> *Sent:* July 8, 2019 22:03
> *To:* opsawg@ietf.org; m...@ietf.org
> *Subject:* [OPSAWG] Fwd: New Version Notification for
> draft-reddy-opswg-mud-tls-00.txt
>
> This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00
> discusses Manufacturer Usage Description (MUD) extension to model (D)TLS
> profile on IoT devices. This allows a firewall to notice abnormal DTLS or
> TLS usage, which has been a strong indicator of other software running on
> the endpoint, typically malware.
>
> Comments, suggestions, and questions are more than welcome.
>
> Cheers,
> -Tiru
>
> ---------- Forwarded message ---------
> From:
> Date: Mon, 8 Jul 2019 at 19:18
> Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt
> To: Tirumaleswar Reddy, Dan Wing
>
> A new version of I-D, draft-reddy-opswg-mud-tls-00.txt
> has been successfully submitted by Tirumaleswar Reddy and posted to the
> IETF repository.
>
> Name: draft-reddy-opswg-mud-tls
> Revision: 00
> Title: MUD (D)TLS profiles for IoT devices
> Document date: 2019-07-08
> Group: Individual Submission
> Pages: 16
> URL: https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt
> Status: https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/
> Htmlized: https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls
>
> Abstract:
>    This memo extends Manufacturer Usage Description (MUD) to model DTLS
>    and TLS usage. This allows a network element to notice abnormal DTLS
>    or TLS usage which has been strong indicator of other software
>    running on the endpoint, typically malware.
>
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
>
> The IETF Secretariat

_______________________________________________
OPSAWG mailing list
OPSAWG@ietf.org
https://www.ietf.org/mailman/listinfo/opsawg
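
The check discussed in the reply above, sketched as an added example that is not part of the thread or of the draft: a passive parser reads the cleartext cipher suites and extension types from a TLS ClientHello and reports anything the device's profile does not allow. The `PROFILE` layout, the function names and the sample handshakes are assumptions made for illustration; the sketch handles a single unfragmented TLS record and not the DTLS record layout.

```python
import struct

# Hypothetical, simplified profile for one device model (not the draft's YANG schema).
PROFILE = {"cipher_suites": {0xC0AE, 0xC02B},   # ECDHE-ECDSA AES-128 CCM-8 / GCM
           "extensions": {22, 23}}              # encrypt_then_mac, extended_master_secret

def parse_client_hello(record: bytes) -> dict:
    """Return the cleartext cipher suites and extension types of a TLS ClientHello record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:   # handshake record, ClientHello
            raise ValueError("not a ClientHello")
        body = record[9:9 + int.from_bytes(record[6:9], "big")]
        pos = 2 + 32                                  # skip legacy_version and random
        pos += 1 + body[pos]                          # skip session id
        (n,) = struct.unpack_from("!H", body, pos)
        pos += 2
        suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, n, 2)]
        pos += n
        pos += 1 + body[pos]                          # skip compression methods
        exts = []
        if pos < len(body):                           # the extensions block is optional
            (total,) = struct.unpack_from("!H", body, pos)
            pos += 2
            end = pos + total
            while pos + 4 <= end:
                etype, elen = struct.unpack_from("!HH", body, pos)
                exts.append(etype)
                pos += 4 + elen
        return {"cipher_suites": suites, "extensions": exts}
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def profile_violations(hello: dict, profile: dict) -> list:
    """List every offered parameter the profile does not allow; empty means conforming."""
    out = []
    for field in ("cipher_suites", "extensions"):
        extra = sorted(set(hello[field]) - profile[field])
        if extra:
            out.append((field, extra))
    return out

def build_client_hello(suites, exts) -> bytes:
    """Constructed sample input: a minimal ClientHello with empty extension bodies."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    ex = b"".join(struct.pack("!HH", e, 0) for e in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs
            + b"\x01\x00" + struct.pack("!H", len(ex)) + ex)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A handshake that offers a cipher suite or extension outside the profile yields a non-empty list, which is the condition under which the thread's firewall would treat the flow as a profile violation.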
Re: [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt
Interesting work, three questions:

1. Can the IoT device (D)TLS profile be disclosed to malicious agent or IoT device? If not, how do you prevent this sensitive information leaking?

2. Do you frequently update DTLS profile disclosed to IoT device to prevent malicious agent from snooping?

3. How does enterprise firewall use DTLS profile to detect malicious flow or legitimate flow?

-Qin

From: OPSAWG [mailto:opsawg-boun...@ietf.org] On Behalf Of tirumal reddy
Sent: July 8, 2019 22:03
To: opsawg@ietf.org; m...@ietf.org
Subject: [OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt

This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 discusses Manufacturer Usage Description (MUD) extension to model (D)TLS profile on IoT devices. This allows a firewall to notice abnormal DTLS or TLS usage, which has been a strong indicator of other software running on the endpoint, typically malware.

Comments, suggestions, and questions are more than welcome.

Cheers,
-Tiru

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Mon, 8 Jul 2019 at 19:18
Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt
To: Tirumaleswar Reddy <kond...@gmail.com>, Dan Wing <danw...@gmail.com>

A new version of I-D, draft-reddy-opswg-mud-tls-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name: draft-reddy-opswg-mud-tls
Revision: 00
Title: MUD (D)TLS profiles for IoT devices
Document date: 2019-07-08
Group: Individual Submission
Pages: 16
URL: https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt
Status: https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/
Htmlized: https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls

Abstract:
   This memo extends Manufacturer Usage Description (MUD) to model DTLS and TLS usage. This allows a network element to notice abnormal DTLS or TLS usage which has been strong indicator of other software running on the endpoint, typically malware.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
[OPSAWG] Fwd: New Version Notification for draft-reddy-opswg-mud-tls-00.txt
This draft https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00 discusses Manufacturer Usage Description (MUD) extension to model (D)TLS profile on IoT devices. This allows a firewall to notice abnormal DTLS or TLS usage, which has been a strong indicator of other software running on the endpoint, typically malware.

Comments, suggestions, and questions are more than welcome.

Cheers,
-Tiru

---------- Forwarded message ---------
From:
Date: Mon, 8 Jul 2019 at 19:18
Subject: New Version Notification for draft-reddy-opswg-mud-tls-00.txt
To: Tirumaleswar Reddy, Dan Wing

A new version of I-D, draft-reddy-opswg-mud-tls-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.

Name: draft-reddy-opswg-mud-tls
Revision: 00
Title: MUD (D)TLS profiles for IoT devices
Document date: 2019-07-08
Group: Individual Submission
Pages: 16
URL: https://www.ietf.org/internet-drafts/draft-reddy-opswg-mud-tls-00.txt
Status: https://datatracker.ietf.org/doc/draft-reddy-opswg-mud-tls/
Htmlized: https://tools.ietf.org/html/draft-reddy-opswg-mud-tls-00
Htmlized: https://datatracker.ietf.org/doc/html/draft-reddy-opswg-mud-tls

Abstract:
   This memo extends Manufacturer Usage Description (MUD) to model DTLS and TLS usage. This allows a network element to notice abnormal DTLS or TLS usage which has been strong indicator of other software running on the endpoint, typically malware.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat