rfc9238v2.txt   rfc9238.txt 
skipping to change at line 123 skipping to change at line 123
the mechanisms from [RFC8520] are not available to use on the device the mechanisms from [RFC8520] are not available to use on the device
or the gateway. or the gateway.
Affixing a sticker can be done by: Affixing a sticker can be done by:
* the marketing department of the manufacturer, * the marketing department of the manufacturer,
* an outsourced assembler plant, * an outsourced assembler plant,
* value-added resellers (perhaps in response to a local request for * value-added resellers (perhaps in response to a local request for
proposal(RFP)), proposal (RFP)),
* a company importing the product (possibly to comply with a local * a company importing the product (possibly to comply with a local
regulation), regulation),
* a network administrator (perhaps before sending devices home with * a network administrator (perhaps before sending devices home with
employees or to remote sites), and employees or to remote sites), and
* a retailer as a value-added service. * a retailer as a value-added service.
QR codes are informally described in [qrcode] and formally defined in QR codes are informally described in [qrcode] and formally defined in
skipping to change at line 299 skipping to change at line 299
Section 9.10 of [SQRL] defines the Data Record "M06C" as the MAC Section 9.10 of [SQRL] defines the Data Record "M06C" as the MAC
address. No format for the MAC address is provided in that document. address. No format for the MAC address is provided in that document.
In this document, it is RECOMMENDED that 12 (or 16) hex octets are In this document, it is RECOMMENDED that 12 (or 16) hex octets are
used with no spaces or punctuation. (16 octets are used in the IEEE used with no spaces or punctuation. (16 octets are used in the IEEE
64-bit Extended Unique Identifier (EUI-64) format used in 64-bit Extended Unique Identifier (EUI-64) format used in
[IEEE.802.15.4] and some next generation Ethernet proposals). In [IEEE.802.15.4] and some next generation Ethernet proposals). In
this document, it is RECOMMENDED that uppercase hexadecimal letters this document, it is RECOMMENDED that uppercase hexadecimal letters
be used. be used.
Parsers that find punctuation (such as colons (":"), dashes ("-"), or Parsers that find punctuation (such as colons (":"), dashes ("-"),
white space) MUST skip over it. Parsers MUST tolerate hexadecimal in US-ASCII Space (32), US-ASCII TAB (0), US-ASCII linefeed (10), or US-
uppercase, lowercase, and even mixed case. Systems SHOULD ASCII carriage return (13)) MUST skip over the punctuation. Parsers
canonicalize it to uppercase. MUST tolerate hexadecimal in uppercase, lowercase, and even mixed
case. Systems SHOULD canonicalize it to uppercase.
4. Applicability 4. Applicability
The use of stickers to convey MUD URLs would appear to have little The use of stickers to convey MUD URLs would appear to have little
value when the stickers are applied by the end-user organization and value when the stickers are applied by the end-user organization and
consumed by the same. This is particularly the case when the QR code consumed by the same. This is particularly the case when the QR code
does not include the device MAC address. In such a situation, the does not include the device MAC address. In such a situation, the
installer handling the device would scan the QR code to get the installer handling the device would scan the QR code to get the
appropriate MUD file reference and have to input the associated MAC appropriate MUD file reference and have to input the associated MAC
address as well. address as well.
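Review bot: the code point given for TAB in the rewritten sentence beginning "Parsers that find punctuation" is wrong: US-ASCII TAB is 9 and 0 is NUL, so "US-ASCII TAB (0)" should read "US-ASCII TAB (9)"; the other three values (Space 32, linefeed 10, carriage return 13) are correct. Replacing "or white space" with an explicit list of separators is the right direction, since it tells an implementer exactly which bytes a parser must skip, but the text still does not say what a parser does with any other non-hexadecimal character it encounters; one sentence stating that such input is rejected rather than skipped would close that gap, and it sits well with the retained "Systems SHOULD canonicalize it to uppercase", which keeps the lenient input handling out of the stored form.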
skipping to change at line 465 skipping to change at line 466
needs to be careful that they are validating the signature on the MUD needs to be careful that they are validating the signature on the MUD
file. The network operator needs to verify that the file is intact file. The network operator needs to verify that the file is intact
and that the signer of the file is authorized to sign MUD files for and that the signer of the file is authorized to sign MUD files for
that vendor, or if a MUD file is a crowd-sourced definition, they that vendor, or if a MUD file is a crowd-sourced definition, they
need to establish if it can be trusted. [RFC8520] does not define need to establish if it can be trusted. [RFC8520] does not define
any infrastructure to authenticate or authorize MUD file signers. any infrastructure to authenticate or authorize MUD file signers.
8.3. URL Shortening Services Can Change Content 8.3. URL Shortening Services Can Change Content
If a URL shortening service is used, it is possible that the MUD If a URL shortening service is used, it is possible that the MUD
Controller will be redirected to another MUD file with different controller will be redirected to another MUD file with different
content. The use of MUD signatures can detect attacks on the content. The use of MUD signatures can detect attacks on the
integrity of the file. To do this, the MUD controller needs to be integrity of the file. To do this, the MUD controller needs to be
able to verify the signature on the file. able to verify the signature on the file.
If a Trust-On-First-Use (TOFU) policy is used for signature trust If a Trust-On-First-Use (TOFU) policy is used for signature trust
anchors, then the URL shortening service can still attack if it anchors, then the URL shortening service can still attack if it
substitutes content and signature on the first use. MUD controllers substitutes content and signature on the first use. MUD controllers
and the people operating them need to be cautious when using TOFU. and the people operating them need to be cautious when using TOFU.
8.4. MUD QR Code Stickers Could Be Confused 8.4. MUD QR Code Stickers Could Be Confused
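Review bot: lowercasing "MUD Controller" to "MUD controller" makes the term match "MUD controller" two sentences later and "MUD controllers" in the TOFU paragraph, so the region is now consistent. One wording point on the surrounding text: the first paragraph says MUD signatures "can detect attacks on the integrity of the file", while the second says a shortening service defeats this if it substitutes both content and signature on first use under TOFU; stating the precondition in the first paragraph (signature checking detects substitution only when the signer's trust anchor is not itself learned from that possibly substituted first download) would keep the two paragraphs from reading as contradictory.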
 End of changes. 3 change blocks. 
6 lines changed or deleted 7 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/