Re: [Detnet] I-D Action: draft-ietf-detnet-security-05.txt

"Grossman, Ethan A." <eagros@dolby.com> Thu, 29 August 2019 22:46 UTC

From: "Grossman, Ethan A." <eagros@dolby.com>
To: "detnet@ietf.org" <detnet@ietf.org>
Date: Thu, 29 Aug 2019 22:46:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/x3UspmK1GEjlCnLUBiRh4BfAN5A>

Hi All,
This update to the DetNet Security draft is primarily to keep the draft from expiring, but I did add a section for the technology-specific section, and put some text for the IP sub-section based on list discussion. I am still waiting for text to be contributed for the MPLS sub-section. 

I added a sub-section for TSN, since it is named as a sub-network technology in the Architecture draft, but as usual I'm not sure what to put there. Any input is welcome, and we can always say "there is nothing to add here" (as we did for IP) if we believe that to be the case. 

As always your input is solicited. 
Thanks,
Ethan (as DetNet Security draft editor)

-----Original Message-----
From: detnet <detnet-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Thursday, August 29, 2019 3:41 PM
To: i-d-announce@ietf.org
Cc: detnet@ietf.org
Subject: [Detnet] I-D Action: draft-ietf-detnet-security-05.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Deterministic Networking WG of the IETF.

        Title           : Deterministic Networking (DetNet) Security Considerations
        Authors         : Tal Mizrahi
                          Ethan Grossman
                          Andrew J. Hacker
                          Subir Das
                          John Dowdell
                          Henrik Austad
                          Kevin Stanton
                          Norman Finn
        Filename        : draft-ietf-detnet-security-05.txt
        Pages           : 44
        Date            : 2019-08-29

Abstract:
   A deterministic network is one that can carry data flows for real-
   time applications with extremely low data loss rates and bounded
   latency.  Deterministic networks have been successfully deployed in
   real-time operational technology (OT) applications for some years
   (for example [ARINC664P7]).  However, such networks are typically
   isolated from external access, and thus the security threat from
   external attackers is low.  IETF Deterministic Networking (DetNet)
   specifies a set of technologies that enable creation of deterministic
   networks on IP-based networks of potentially wide area (on the scale
   of a corporate network) potentially bringing the OT network into
   contact with Information Technology (IT) traffic and security threats
   that lie outside of a tightly controlled and bounded area (such as
   the internals of an aircraft).  These DetNet technologies have not
   previously been deployed together on a wide area IP-based network,
   and thus can present security considerations that may be new to IP-
   based wide area network designers.  This draft, intended for use by
   DetNet network designers, provides insight into these security
   considerations.  In addition, this draft collects all security-
   related statements from the various DetNet drafts (Architecture, Use
   Cases, etc) into a single location Section 8.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-detnet-security/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-detnet-security-05
https://datatracker.ietf.org/doc/html/draft-ietf-detnet-security-05

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-detnet-security-05


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
detnet mailing list
detnet@ietf.org
https://www.ietf.org/mailman/listinfo/detnet