Loading MUD URLs from QR codes
Sandelman Software Works
mcr+ietf@sandelman.ca
CIRA Labs
Jacques.Latour@cira.ca
Internet
6tisch Working Group
Internet-Draft
This informational document details the mechanism used by the CIRA Secure
Home Gateway (SHG) to load MUD definitions for devices which have no
integrated MUD (RFC8520) support.
The document describes extensions to the WiFi Alliance DPP QR code to support
the use of MUD URLs.
Introduction
The Manufacturer Usage Description (MUD) defines a YANG data model to express what sort of access a device requires to operate correctly.
The document additionally defines three ways for the device to communicate the URL of the resulting JSON format file to a network enforcement point: DHCP, within an X.509 certificate extension, and via LLDP.
Each of the above mechanism conveys the MUD URL inband, and requires modifications to the device firmware.
Most small IoT devices do not have LLDP, and have very restricted DHCP clients.
Adding the LLDP or DHCP options requires at least some minimal configuration change, and possibly entire new subsystems.
The X.509 certificateion extension only makes sense to deploy as part of a larger IDevID based system such as .
In all cases these mechanisms can only be implemented by persons with access to modify and update the firmware of the device.
The MUD system was designed to be implemented by Manufacturers afterall!
In the meantime there is a chicken or egg problem (): no manufacturers include MUD URLs in their products as there are no gateways that use them. No gateways include code that processes MUD URLs as no products produce them.
The mechanism described here allows any person with physical access to the device to affix a reference to a MUD URL that can later be scanned by an end user.
This can be done by the (marketing department) of the Manufacturer, by an outsourced assembler plant, by value added resellers, by a company importing the product (possibly to comply with a local regulation), by a network administrator (perhaps before sending devices home with employees), or even by a retailer as a value added service.
The mechanism uses the QRcode, which is informally described in .
QR code generators are available as web services (), or as programs such
as . They are formally defined in .
This document details how the CIRALabs Secure Home Gateway encode MUD URLs as QR codes.
A issue addressed by this document is the question of whether and
when the MUD file should be specific to a specific version of the device
firmware.
The third issue is that an intermediary (ISP, or third-party security
service) may want to extend or amend a MUD file received from a manufacturer.
In order to maintain an audit trail of changes, a way to encode the previous
MUD URL and signature file (and status) is provided. (FOR DISCUSSION)
Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 when, and only when, they
appear in all capitals, as shown here.
Protocol
The specification from the Wi-Fi Alliance has created a base for a QRcode based enrollment system. This specification extends it to include a MUD URL.
The QR code is as specified in section 5.2.1 of is repeated here:
This is amended as follows:
While the ABNF defined in the document assumes a specific order
(C:, M:, I:, K:), this specification relaxes this so that the tags can come
in any order.
However, in order to make interoperation with future DPP-only
clients as seamless as possible, the MUD extension suggested here are placed
after those defined in .
This document establishes an IANA registry for DPP attributes.
The syntax of the QR code definition given above does not permit a semicolon to be included.
Semicolons (";") would otherwise be permitted in MUD URLs.
This restriction on the content the URL is not considered a concern as it is uncommon to use them in a URL.
The URL provided MUST NOT have a query (?) portion present.
An IANA registry is created for the attributes below.
Privacy Considerations
TBD.
Security Considerations
The security of the Device Provisioning Protocol is enhanced when the public key for a device is not
available without physical access to the device.
Placement of a QR code for use by a MUD controller has no such dependancy, and so such QR codes may be affixed in prominant places on the outside of packaging.
This is not a recommended practice as future versions of the sticker may include full DPP information.
The QRcode described in this document is identical for all instances of the device, and the stickers may be mass produced.
The situation is not the same when a full DPP content is present: each sticker is unique.
A manufacturing plant designed to affix MUD URLs may get confused and not be ready for the full DPP.
It is recommended that the manufacturing process be designed with the full DPP process -- unique QR codes per device -- initially so that no changes are necessary when/if DPP is introduced.
IANA Considerations
IANA is requested to create a new Registry entitled: "Device Provisioning Protocol Attributes".
New items can be added to using Specification Required.
In order to conserve space, registrations are expected to be single upper-case ASCII letters, but the Expert Reviewer MAY make exceptions.
No entry may contain a colon.
All entries beginning with "X" are reserved as Private-Use values.
The following items are to be added to the initial table:
Letter |
Name |
Document |
C |
channel-list |
|
M |
MAC address |
|
I |
information |
|
K |
public key |
|
D |
MUD URL |
[This document] |
(EDITORIAL NOTE: the authors of the DPP specification have consented to seeding control to IANA)
Acknowledgements
This work was supported by the Canadian Internet Registration Authority (cira.ca).
References
Normative References
Key words for use in RFCs to Indicate Requirement Levels
In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
Manufacturer Usage Description Specification
This memo specifies a component-based architecture for Manufacturer Usage Descriptions (MUDs). The goal of MUD is to provide a means for end devices to signal to the network what sort of access and network functionality they require to properly function. The initial focus is on access control. Later work can delve into other aspects.
This memo specifies two YANG modules, IPv4 and IPv6 DHCP options, a Link Layer Discovery Protocol (LLDP) TLV, a URL, an X.509 certificate extension, and a means to sign and verify the descriptions.
QR Code
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words
RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.
Informative References
The JavaScript Object Notation (JSON) Data Interchange Format
JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data.
This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance.
Bootstrapping Remote Secure Key Infrastructures (BRSKI)
This document specifies automated bootstrapping of an Autonomic Control Plane. To do this a Secure Key Infrastructure is bootstrapped. This is done using manufacturer-installed X.509 certificates, in combination with a manufacturer's authorizing service, both online and offline. We call this process the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol. Bootstrapping a new device can occur using a routable address and a cloud service, or using only link-local connectivity, or on limited/ disconnected networks. Support for deployment models with less stringent security requirements is included. Bootstrapping is complete when the cryptographic identity of the new key infrastructure is successfully deployed to the device. The established secure connection can be used to deploy a locally issued certificate to the device as well.
IEEE 802.1AR Secure Device Identifier
Chicken or the egg
QR Code Generators
Device Provisioning Protocol Specification
QR encode
Information technology — Automatic identification and data capture techniques — QR Code bar code symbology specification (ISO/IEC 18004)