Authorized update to MUD URLs
draft-ietf-opsawg-mud-acceptable-urls-03

Document Type Active Internet-Draft (opsawg WG)
Authors Michael Richardson, Wei Pan, Eliot Lear
Last updated 2021-02-19
Replaces draft-richardson-opsawg-mud-acceptable-urls
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Responsible AD (None)
Send notices to (None)
OPSAWG Working Group                                       M. Richardson
Internet-Draft                                  Sandelman Software Works
Updates: 8520 (if approved)                                       W. Pan
Intended status: Best Current Practice               Huawei Technologies
Expires: 23 August 2021                                          E. Lear
                                                           Cisco Systems
                                                        19 February 2021

                     Authorized update to MUD URLs
                draft-ietf-opsawg-mud-acceptable-urls-03

Abstract

   This document provides a way for an RFC8520 Manufacturer Usage
   Description (MUD) definition to declare which replacement MUD URLs
   are acceptable for a device.

   RFCEDITOR-please-remove: this document is being worked on at:
   https://github.com/mcr/iot-mud-acceptable-urls

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 23 August 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components

Richardson, et al.       Expires 23 August 2021                 [Page 1]
Internet-Draft             mud-acceptable-urls             February 2021

   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Updating the MUD files in place . . . . . . . . . . . . . . .   3
     2.1.  Adding capabilities . . . . . . . . . . . . . . . . . . .   3
     2.2.  Removing capabilities . . . . . . . . . . . . . . . . . .   4
     2.3.  Significant changes to protocols  . . . . . . . . . . . .   4
     2.4.  Motivation for updating MUD URLs  . . . . . . . . . . . .   5
   3.  Updating the MUD URLs . . . . . . . . . . . . . . . . . . . .   5
     3.1.  Leveraging the manufacturer signature . . . . . . . . . .   6
     3.2.  Concerns about same-signer mechanism  . . . . . . . . . .   6
   4.  Proposed mechanism  . . . . . . . . . . . . . . . . . . . . .   7
   5.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   8
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
     6.1.  Updating files vs Updating MUD URLs . . . . . . . . . . .   9
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   9
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  10
   Appendix A.  Appendices . . . . . . . . . . . . . . . . . . . . .  11
   Contributors  . . . . . . . . . . . . . . . . . . . . . . . . . .  11
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  11

1.  Introduction

   [RFC8520] provides a standardized way to describe how a
   specific-purpose device makes use of Internet resources, together
   with the associated suggested network behavior.  Both are described
   in a MUD file hosted on its manufacturer's server.  The device
   provides a MUD URL, which the network manager uses to locate this
   MUD file and determine the required network authorization of the
   device.

   In some cases, e.g., after a firmware update, the network behavior
   of the device may change, and the description in the original MUD
   file will no longer apply.  There are two common ways in which the
   manufacturer can solve this problem.

   One is to change what is in the MUD file, i.e., update the MUD file
   in place, whenever the behavior of the firmware changes.  Section 2
   discusses three scenarios for updating the MUD file and the
   corresponding potential issues.

   The other is to change which MUD file is processed by changing the