Orie Steele has entered the following ballot position for draft-ietf-opsawg-mud-tls-15: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-mud-tls/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Orie Steele, ART AD, comments for draft-ietf-opsawg-mud-tls-15
CC @OR13

https://author-tools.ietf.org/api/idnits?url=https://www.ietf.org/archive/id/draft-ietf-opsawg-mud-tls-15.txt&submitcheck=True

## Comments

### normative should?

```
972	   *  If the MUD (D)TLS profile includes any parameters that are
973	      susceptible to attacks (e.g., weaker cryptographic parameters), an
974	      alert should be triggered to the firewall vendor and the IoT
975	      device owner or administrator.
```

### normative MUST?

```
1070	   consideration.  The middlebox must adhere to the invariants discussed
1071	   in Section 9.3 of [RFC8446] to act as a compliant proxy.
```

## Nits

### Strongly NOT RECOMMENDED?

```
1216	   It is strongly RECOMMENDED to avoid a (D)TLS proxy whenever possible.
```

Might be better phrased as "The use of (D)TLS proxies is NOT RECOMMENDED."