idnits 2.17.1 draft-richardson-shg-mud-quarantined-access-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 08, 2019) is 1754 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC8520' is defined on line 176, but no explicit reference was found in the text Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6lo Working Group M. Richardson 3 Internet-Draft Sandelman Software Works 4 Intended status: Standards Track M. Ranganathan 5 Expires: January 9, 2020 NIST 6 July 08, 2019 8 Manufacturer Usuage Description for quarantined access to firmware 9 draft-richardson-shg-mud-quarantined-access-01 11 Abstract 13 The Manufacturer Usage Description is a tool to describe the limited 14 access that a single function device such as an Internet of Things 15 device might need. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at https://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on January 9, 2020. 34 Copyright Notice 36 Copyright (c) 2019 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (https://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 52 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 2 53 3. MUD file extensions . . . . . . . . . . . . . . . . . . . . . 2 54 3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 2 55 3.2. YANG FILE . . . . . . . . . . . . . . . . . . . . . . . . 2 56 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 57 5. Privacy Considerations . . . . . . . . . . . . . . . . . . . 4 58 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 59 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4 60 8. Normative References . . . . . . . . . . . . . . . . . . . . 4 61 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 4 63 1. Introduction 65 The document details an extension to the Manufacturer Usage 66 Description (MUD) mechanism to be able to mark one or more ACLs as 67 being enabled even though the device has quaranteed. 69 2. Requirements Language 71 In this document, the key words "MUST", "MUST NOT", "REQUIRED", 72 "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", 73 and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 74 [RFC2119] and indicate requirement levels for compliant STuPiD 75 implementations. 77 3. MUD file extensions 79 3.1. Tree Diagram 81 module: cira-shg-mud 82 augment /m:mud: 83 +--rw quaranteed-device-policy 84 +--rw enabled-ace-names* [ace-name] 85 +--rw ace-name -> /acl:acls/acl/aces/ace/name 87 3.2. YANG FILE 89 file "cira-shg-mud@2019-07-08.yang" 90 module cira-shg-mud { 91 yang-version 1.1; 93 namespace 94 "urn:ietf:params:xml:ns:yang:ietf-shg-mud"; 95 prefix "shg"; 96 import ietf-mud { 97 prefix m; 98 description "This module defines the format for a MUD description"; 99 reference "RFC YYYY: MUD YANG"; 100 } 102 organization "CIRALabs Secure Home Gateway project."; 104 contact 105 "WG Web: 106 WG List: 107 Author: Michael Richardson 108 "; 110 description 111 "This module extends the RFC8520 MUD format to two 112 facilities: definition of an Access Control List appropriate 113 to enable device upgrade only, and provide for a history of 114 modifications by third-parties to the MUD file"; 116 revision "2019-07-08" { 117 description 118 "Initial version"; 119 reference 120 "RFC XXXX: MUD profile for Secure Home Gateway Project"; 121 } 123 augment "/m:mud" { 124 description 125 "Adds leaf nodes appropriate MUD usage in the 126 Secure Home Gateway"; 128 container quaranteed-device-policy { 129 description 130 "The policies that should be enforced on traffic 131 coming from the device when it is under quaranteen. 132 These policies are usually a subset of operational policies 133 and are intended to permit firmware updates only. 134 They are intended to keep the device safe (and the network safe 135 from the device) when the device is suspected of being 136 out-of-date, but still considered sufficiently intact to be 137 able to do a firmware update"; 138 list enabled-ace-names { 139 key ace-name; 140 leaf ace-name { 141 type leafref { 142 path "/acl:acls/acl:acl/acl:aces/acl:ace/acl:name"; 143 } 145 } 146 } 147 } 148 } 149 } 151 153 4. Security Considerations 155 TBD 157 5. Privacy Considerations 159 TBD 161 6. IANA Considerations 163 TBD 165 There are no IANA actions created by this document. 167 7. Acknowledgements 169 8. Normative References 171 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 172 Requirement Levels", BCP 14, RFC 2119, 173 DOI 10.17487/RFC2119, March 1997, 174 . 176 [RFC8520] Lear, E., Droms, R., and D. Romascanu, "Manufacturer Usage 177 Description Specification", RFC 8520, 178 DOI 10.17487/RFC8520, March 2019, 179 . 181 Authors' Addresses 183 Michael Richardson 184 Sandelman Software Works 186 Email: mcr+ietf@sandelman.ca 188 M. Ranganathan 189 NIST 191 Email: mranga@gmail.com