Project Goals

The web site malaga.sandelman.ca was started in January 2026.

The Malaga project aims to turn proof-of-concept https://www.rfc-editor.org/info/rfc8520 MUD Controllers into an upstream, enabled and installed by default OpenWRT package.

The Manufacturer Usage Description, or MUD, was standardized in 2019. It is a JSON format file, described by a YANG data model, which describes a set of Access Control Lists (“ACLs”, pronounced, officially as [ak-uh l], according to RFC8519), that indicate what are expected network behaviours for a specified purpose device, such as an IoT device.

Since 2019 there has been a lot of excitement around this, but there has not been very much actual deployment. There has been smoke, but there isn’t has been fire. The goal of this project is to create fire.

Like many useful network protocols there is often not a clear path to the so-called “fax effect”, whereby each new owner of a fax machine increases the overall value of the fax system. Even the fax machine had to wait for at least two fax machines to exist: a single machine has little utility.

In the MUD ecosystem, one needs two things:

• a MUD controller: the device that enforces the ACLs
• a MUD device: the device which is being described

These two devices usually come from diverse manufacturers who do not coordinate, and therefore can not absorb the external costs of implementing MUD, while getting no immediate benefit.

This project aims to clear this “log jam” by creating a production ready MUD controller that can be included in the OpenWRT home router ecosystem.

To adequately test this, an IoT device with appropriate MUD mechanisms is needed. Beyond the value in teting, having such a reference design, and getting it upstreamed into commonly available IoT platforms will improve the situation for all participants in the IoT ecosystem.