Re: [Detnet] DetNet Security Draft - IP Data Plane Specific section

"Maik Seewald (maseewal)" <maseewal@cisco.com> Tue, 02 July 2019 08:18 UTC

From: "Maik Seewald (maseewal)" <maseewal@cisco.com>
To: "Grossman, Ethan A." <eagros@dolby.com>, detnet WG <detnet@ietf.org>
Date: Tue, 02 Jul 2019 08:18:46 +0000
Message-ID: <D940DDF4.7F9A2%maseewal@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/2VuflLEE2y7enKCGIDqDWCbtGe4>
Subject: Re: [Detnet] DetNet Security Draft - IP Data Plane Specific section

Hello Ethan,

IMHO, it does make sense. I would just propose to replace mitigations with architectural protection mechanisms.
Something like this.

Mitigations leaves (somehow) a bad taste.

Cheers,
Maik

From: detnet <detnet-bounces@ietf.org> on behalf of "Grossman, Ethan A." <eagros@dolby.com>
Date: Tuesday, 2. July 2019 at 08:02
To: detnet WG <detnet@ietf.org>
Subject: [Detnet] DetNet Security Draft - IP Data Plane Specific section

Hi All,
I am having difficulty getting a contribution for our proposed “last remaining” section of the DetNet Security draft, which is the “IP Data Plane Specific” section.  Could it be that there is nothing to say? What if I said the following – who would we need to have review this statement to poke some holes in it? I mean, that is essentially the text I’m looking for, should it actually exist.

Proposed text for “IP Data Plane Considerations for DetNet” section:

“The IP protocol has a long history of security considerations and mitigations, and its use as a DetNet Data Plane introduces no new security issues that were not there before (apart from those already described in the data-plane-independent section of this document).

Thus the security considerations for a DetNet based on an IP data plane are purely inherited from the rich IP Security literature and code/application base, and the data-plane-independent section of this document”.

Is that good? Should we ask for a review from the SECDIR for this statement?

Ethan (as Editor, DetNet Security draft).