Re: [Detnet] Secdir last call review of draft-ietf-detnet-ip-over-mpls-07

Balázs Varga A <balazs.a.varga@ericsson.com> Tue, 08 September 2020 07:30 UTC

From: Balázs Varga A <balazs.a.varga@ericsson.com>
To: Vincent Roca <vincent.roca@inria.fr>, "secdir@ietf.org" <secdir@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "detnet@ietf.org" <detnet@ietf.org>, "draft-ietf-detnet-ip-over-mpls.all@ietf.org" <draft-ietf-detnet-ip-over-mpls.all@ietf.org>
Date: Tue, 08 Sep 2020 07:30:34 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/WiVFikvcxaPo6HuUrMLbTJc43r8>

Hi Vincent,

Many thanks for your review.
I have updated the document based on your comments
(i.e., changing to normative reference, fixing abbreviations).

Thanks & Cheers
Bala'zs


-----Original Message-----
From: Vincent Roca via Datatracker <noreply@ietf.org> 
Sent: Monday, September 7, 2020 1:38 PM
To: secdir@ietf.org
Cc: last-call@ietf.org; detnet@ietf.org; draft-ietf-detnet-ip-over-mpls.all@ietf.org
Subject: Secdir last call review of draft-ietf-detnet-ip-over-mpls-07

Reviewer: Vincent Roca
Review result: Has Nits

Hello,

I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

Summary: Has Nits

I have no major concern. However, I think that the Security considerations section could and should better leverage on [I-D.ietf-detnet-security] (currently it is mainly cited but that's all). Indeed, the [I-D.ietf-detnet-security] document is all about DetNet security, it introduces the problem in a clear manner, then it discusses with much detail both security risks and mitigation techniques, providing high level synthesis tables, and sections 9.1 and 9.2 are even dedicated to IP and MPLS DetNet security.
This is a MUST read document that provides valuable discussion (perhaps more than in the present document, sorry).

I also think the [I-D.ietf-detnet-security] reference ("Deterministic Networking (DetNet) Security Considerations") should be a Normative Reference (it's currently in the Informative Reference list).


Minor comments:

- Section 4.1 uses the S-PE acronym when referring to the Relay Node, whereas S-PE is not expanded in the Abbreviations list of section 2.2.


Regards,    Vincent