{"id":2333,"date":"2019-03-13T06:37:24","date_gmt":"2019-03-13T04:37:24","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=2333"},"modified":"2019-03-13T06:37:24","modified_gmt":"2019-03-13T04:37:24","slug":"rfc-8520-on-manufacturer-usage-descriptions-released","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=2333","title":{"rendered":"RFC 8520 on  Manufacturer Usage Descriptions Released"},"content":{"rendered":"\n<p>Today the RFC Editor released <a href=\"https:\/\/www.rfc-editor.org\/info\/rfc8519\">RFC 8519<\/a> (the ietf-acl model) and <a href=\"https:\/\/www.rfc-editor.org\/info\/rfc8520\">RFC 8520<\/a> (Manufacturer Usage Descriptions). \u00a0The ACL model provides for a programmatic YANG-based interface that is flexibly extensible. \u00a0Manufacturer Usage Descriptions (MUD) extend this model so that manufacturers are in a position to request the network\u2019s assistance.<\/p>\n\n\n\n<p>MUD&#8217;s declarative model for manufacturers to describe to customers what network resources their devices are designed to use. \u00a0No guessing games are required.  Manufacturers use simple abstractions to describe what access a device needs, such as a domain name for cloud-based service, or <strong>same-manufacturer<\/strong> or <strong>my-controller<\/strong> for local devices.<\/p>\n\n\n\n<p>Even when one doesn&#8217;t use automated tools, there is benefit to manufacturers in writing MUD files. \u00a0A study by the University of New South Wales found that IoT devices often conflict with enterprise network policies, and that this goes largely unnoticed by administrators who don\u2019t understand the needs of those devices. \u00a0What we can say is that if manufacturers do a little bit of work, they and our customers can both derive a whole lot of value from the network.<\/p>\n\n\n\n<p>A fair amount of software already exists for MUD, including  the <a href=\"https:\/\/github.com\/usnistgov\/nist-mud\">NIST MUD Manager<\/a>, and the tools built by CIRA, not to mention <a href=\"https:\/\/github.com\/CiscoDevNet\/MUD-Manager\">Cisco&#8217;s open source version<\/a>, and <a href=\"https:\/\/osmud.org\">osMUD.org,<\/a> and commercial versions built by Yikes! and Cisco.  Google has implemented a MUD manager as for build management.  And of course you can build your own MUD file for your device by going to <a href=\"https:\/\/www.mudmaker.org\">https:\/\/www.mudmaker.org<\/a>.<\/p>\n\n\n\n<p>MUD is part of a nutritious meal, but it is not the whole meal.  Manufacturers should always use best coding practices, and update firmware and software promptly when they learn of vulnerabilities and exploits<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Next Steps<br><\/h3>\n\n\n\n<p>It&#8217;s time for manufacturers to implement!  Protect your devices with MUD!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today the RFC Editor released RFC 8519 (the ietf-acl model) and RFC 8520 (Manufacturer Usage Descriptions). \u00a0The ACL model provides for a programmatic YANG-based interface that is flexibly extensible. \u00a0Manufacturer Usage Descriptions (MUD) extend this model so that manufacturers are in a position to request the network\u2019s assistance. MUD&#8217;s declarative model for manufacturers to describe &hellip; <a href=\"https:\/\/ofcourseimright.com\/?p=2333\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;RFC 8520 on  Manufacturer Usage Descriptions Released&#8221;<\/span><\/a><\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[545,536],"tags":[],"class_list":["post-2333","post","type-post","status-publish","format-standard","hentry","category-iot","category-mud"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2333","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2333"}],"version-history":[{"count":1,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2333\/revisions"}],"predecessor-version":[{"id":2334,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2333\/revisions\/2334"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2333"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2333"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2333"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}