Michael,

It is normal that you missed the comment about a more generic use of this draft, as I said it during the telechat ;-)

Obviously, a non-blocking comment, i.e., feel free to ignore, especially now that it is really too late IMHO.

The comment is indeed about using DNS names in layer-3 ACLs of firewalls, which is common (at least for one firewall that I know); it makes life easier for security people to write ACLs (notably when handling IPv6-only or dual-stack nodes).

-éric

On 30/08/2024, 00:27, "Michael Richardson" <mcr+i...@sandelman.ca> wrote:

> Eric Vyncke (evyncke) <evyncke=40cisco....@dmarc.ietf.org> wrote:
> > As already written, I still regret that this document restricts itself
> > to MUD while it could be used for any layer-3 ACL (e.g., plain
> > firewalls) and many shipping products are doing so for many years.
>
> I guess I missed that comment.
> I'm not sure I understand how plain firewalls would use DNS in ACLs.
> Can you say more?
>
> Obviously, they can accept names and do DNS lookups to get the IP addresses,
> but this isn't tied directly to any activity that some "client" (node/host)
> is doing.
>
> --
> Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
OPSAWG mailing list -- opsawg@ietf.org
To unsubscribe send an email to opsawg-le...@ietf.org