Re: [Detnet] Benjamin Kaduk's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Wed, 20 February 2019 16:07 UTC

Date: Wed, 20 Feb 2019 10:07:44 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Lou Berger <lberger@labn.net>
CC: The IESG <iesg@ietf.org>, draft-ietf-detnet-architecture@ietf.org, detnet@ietf.org, detnet-chairs@ietf.org
Message-ID: <20190220160743.GD69562@kduck.mit.edu>
References: <155063426136.20704.6779201119170972943.idtracker@ietfa.amsl.com> <cb52062a-b4fb-b51a-2dc3-ca7f161c8f89@labn.net>
In-Reply-To: <cb52062a-b4fb-b51a-2dc3-ca7f161c8f89@labn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/1TlWWEadxGb-_OUTy7DE-usVK74>

Hi Lou,

On Wed, Feb 20, 2019 at 09:33:34AM -0500, Lou Berger wrote:
> Hi Benjamin,
> 
> I'm responding as doc shepherd (and chair). Thank you for your 
> comments.  Please see below for specific responses.
> 
> On 2/19/2019 10:44 PM, Benjamin Kaduk wrote:
> > Benjamin Kaduk has entered the following ballot position for
> > draft-ietf-detnet-architecture-11: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-detnet-architecture/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > I note that the DETNET WG is explicitly chartered with a work item for the
> > "overall architecture: This work encompasses ... and security aspects".
> > It seems incomplete to specify an architecture for a topic such as
> > deterministic networking without specifically considering what threats are
> > and are not in scope to be protected against.
> 
> The working group certainly recognizes that security is an important
> topic and necessary part of the work. The WG's approach to ensure that
> this significant topic is sufficiently covered is to have a document
> dedicated to the topic. As you note below, this work,
> draft-ietf-detnet-security, is not at the same level of maturity - so
> please stay tuned. Of course, the WG would welcome any input on this
> security draft now or even a full early-review or security area advisor.

I do appreciate that the WG has taken the time to work on a dedicated
security document, that goes through the (tedious!) effort to tabulate the
various known attacker capabilities, threats, and their interactions.

What I think is missing from the high-level architecture document is a
sense for what security goals the architecture intends to achieve.  It's
fine to have this be separate from the nitty-gritty stuff in the separate
document, but these high-level questions can have an impact on the
high-level design of the protocol ecosystem as a whole.  We have mounds of
examples of "come up with a design; bolt security on as an afterthought"
working poorly or being nigh-impossible, and I haven't seen any attempt at
justification for why doing so here is likely to be any different.
Including the security concepts from the start and wholly integrating them
into the system tends to produce a much more elegant design and smoother
outcomes all around.

> (We have one from the transport area.)
> 
> > Some easy questions should
> > be whether the system is expected to be robust in the face of an attacker
> > that generates non-DetNet traffic?  Or an attacker that generates DetNet
> > traffic in excess of reservations?  It can even be a fine engineering goal
> > to produce a solution that only protects against media corruption and
> > hardware crashes and leaves active attacks out of scope, but the actual
> > intended scope of the work needs to be clear.  At the other end of the
> > spectrum, protecting against as potent an attacker as a malicious traffic
> > policer is probably a lost cause, especially if the policer is authorized
> > to direct remote nodes to take action to terminate "misbehaving" flows.
> > The referenced draft-ietf-detnet-security is not at a comparable maturity
> > level to this document and also fails to present a clear threat model for
> > the DetNet architecture.  (The section entitled "Threat Model" reads as
> > more of a taxonomy of threats than a model for what threats are and are not
> > to be addressed.)  It also presents the usage of cryptographic mechanisms
> > as mitigation techniques without provisioning for the prerequisites of such
> > mechanisms (e.g., using HMAC for message integrity protection without
> > mention of infrastructure for distributing the keys for keying the HMAC).
> >
> These are all great input for draft-ietf-detnet-security - I'll touch base
> with the authors to ensure that they are aware of your comments.

I noticed a few other things of note while skimming; I'll try to send those
over as well.

> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > I agree with Alexey that Informational would (also) be a fine status in
> > which to publish this document.
> 
> I defer to the IESG and our AD.
> 
> I think the authors can address/respond to the remaining comments.

Sounds good.

-Benjamin