Re: [Detnet] WG Last Call: draft-ietf-detnet-security-09
Lou Berger <lberger@labn.net> Fri, 15 May 2020 19:47 UTC
To: "Grossman, Ethan A." <eagros@dolby.com>, DetNet WG <detnet@ietf.org>
Cc: "draft-ietf-detnet-security@ietf.org" <draft-ietf-detnet-security@ietf.org>, "Black, David" <David.Black@dell.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/9YXiM03jmS6BKhf4SvUsJzJGWfo>
Hi Ethan,

On 5/15/2020 1:09 PM, Grossman, Ethan A. wrote:
> Hi Lou,
> As I understand it, there are two unresolved issues from David Black's last email. These are:
>
>> [5-Major] Section 5.8 seems incomplete. It contains a sizeable summary table
>> of attacks, impacts and mitigations, but doesn't provide
>> recommendations on what to do. Scanning the mitigations column, a
>> good start would be to characterize control message protection and
>> performance analytics as [MUST implement, SHOULD use] and the combination of DetNet authentication and
>> integrity protection as [MUST implement, MAY use]. Both "MUST"
>> requirements are my initial take that I'd be happy to discuss further.

There were two points on this, in David's response. 1) there was agreement that conformance language was *not* needed, but that 2) the draft should "provide concise recommendations to implementers on what to do." I took this as an editorial comment that the authors would address. Do you think otherwise?

>> [6-Major] Section 7.1 on the IP data plane seems rather weak - I'm not
>> sure whether it says anything that's seriously useful. Section 7.2 on
>> the MPLS data plane is much better in directing the reader to relevant
>> security considerations in other documents.
> In short, yes, I still need input on these; I can't resolve them myself.

Skimming this section the biggest omissions are security considerations in prior work. I think it worthwhile to review the security considerations in [RFC2474] and [RFC2475] and see if content is missing from this document (probably in section 3) or if a simple reference should be added. Once this is done, I can also note in the Shepherd/PROTO write-up that this document has already been informally reviewed by the security directorate and that this section has been identified as needing specific review (in the context of the rest of the document).

So I think the action is back on you/the authors to look at the security considerations in [RFC2474] and [RFC2475], update this draft accordingly, and then report back to the WG. Of course if someone else wishes they can propose a specific update to the WG document on the list, and this would be most welcome.

Does this work for you and the other authors?

Thanks,
Lou

> Ethan (as DetNet Security draft editor).
>
>
> -----Original Message-----
> From: Lou Berger <lberger@labn.net>
> Sent: Friday, May 15, 2020 7:43 AM
> To: DetNet WG <detnet@ietf.org>
> Cc: draft-ietf-detnet-security@ietf.org
> Subject: Re: [Detnet] WG Last Call: draft-ietf-detnet-security-09
>
> To follow up on this LC -- the LC is closed, but (as I understand it) there is one unresolved issue.
>
> Authors,
>
> do you have a plan to address the open issue, or do you still need some additional input?
>
> Lou
>
> On 4/20/2020 11:00 AM, Lou Berger wrote:
>> All,
>>
>> This starts a two-week working group last call for
>> draft-ietf-detnet-security-09
>>
>> The working group last call ends on April 4.
>> Please send your comments to the working group mailing list.
>>
>> Positive comments, e.g., "I've reviewed this document and believe it
>> is ready for publication", are welcome!
>> This is useful and important, even from authors.
>>
>> Thank you,
>> Lou (DetNet Co-Chair & doc Shepherd)
>>
>> _______________________________________________
>> detnet mailing list
>> detnet@ietf.org
>> https://www.ietf.org/mailman/listinfo/detnet
>>
> _______________________________________________
> detnet mailing list
> detnet@ietf.org
> https://www.ietf.org/mailman/listinfo/detnet