Re: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments
"Grossman, Ethan A." <eagros@dolby.com> Fri, 14 August 2020 21:55 UTC
Return-Path: <eagros@dolby.com>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B4F23A0B63; Fri, 14 Aug 2020 14:55:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dolby.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8WGtOtL_Zan5; Fri, 14 Aug 2020 14:55:30 -0700 (PDT)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2099.outbound.protection.outlook.com [40.107.94.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E78E03A0B5E; Fri, 14 Aug 2020 14:55:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nCpzJ3UX4IyEzrC9E45arHCng9VoXs4P7gn5xeU8qexB+0H1KzGvF6YEBKg+J4VAWR6yCoQWun+zRrcOYnbKEcbTN9Bcn53cMEb6BRyhYsP5+j5AlDR/lqWH6ykXgnbLAkTLQH4p2ZxwBYm5isi90la1/Yfd/8UIlTXjHQzrPXFahQPJ5FAP0gQlHEoSRoPiQJIgkG+PQ4zO5/3T9Qa4ehcRdf8MMB0sIdxsSzj1izHu1OkPDcI6HiSlhcGab2z5zNlub3njTYYuijNm7DQyEJpnNXIN1Kim50vDuIwx6Cmw/3uHkKNEzNyvwT1KH4hEtan7/yPnBAUyyt32keRgCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XOiscHzSaoNuapKsDPk1PzRi3fxZEBCs3LFPfRZNq/o=; b=Ejv/9W95m5K5xIwwi+m+6D2GEWwVrJsfqVdx8DbTNZ+ngQOUaAnE8rfgWf0Mn4NnwY6/ePlBDV52VoWyPYQ0MDbk/bXgRX5k/IsXIc6VIpoybYk+4grxVgHe+KosCTdQRE0Mx1tmF4/P+N95qhJZ865EoCS+689Swj5VWe8ZWUnpojcu8KOzyk30MD81OkscYum1sXfDslBMHjZxyVDzZYuNe/WJgYt5G9aaObWswrI6ltJ1Kc/j7CVi1i8vOBR3ncAE/D1BcueVBjTieYGi/n2moXes5VAZNOQZxoY/ZFYvTeAqhY18BMZuaQr8FlzEkX0lqCbfpG6ZimVffd0wEA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dolby.com; dmarc=pass action=none header.from=dolby.com; dkim=pass header.d=dolby.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dolby.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XOiscHzSaoNuapKsDPk1PzRi3fxZEBCs3LFPfRZNq/o=; b=M4EmiMagTIKzLoNaC5Ho/9xAAKa4ofkZAAueIf1LfJ1fafH1FuUZ1EBm+MvEDTc3HU7sPIqbqYztjZU6yu21JDw5WtqUZk4al2NmvD5PTxFRtZlZ1oSBG8JFcJORT086YF4N3DYtP6+f4X3RRJYGczKEF5sR/s4FUzv+CH7TE/A=
Received: from BY5PR06MB6611.namprd06.prod.outlook.com (2603:10b6:a03:23d::20) by BYAPR06MB5559.namprd06.prod.outlook.com (2603:10b6:a03:dd::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.16; Fri, 14 Aug 2020 21:55:28 +0000
Received: from BY5PR06MB6611.namprd06.prod.outlook.com ([fe80::59d0:9610:aeb8:ca84]) by BY5PR06MB6611.namprd06.prod.outlook.com ([fe80::59d0:9610:aeb8:ca84%4]) with mapi id 15.20.3283.018; Fri, 14 Aug 2020 21:55:28 +0000
From: "Grossman, Ethan A." <eagros@dolby.com>
To: "BRUNGARD, DEBORAH A" <db3546@att.com>, Stewart Bryant <stewart.bryant@gmail.com>
CC: "draft-ietf-detnet-security@ietf.org" <draft-ietf-detnet-security@ietf.org>, DetNet Chairs <detnet-chairs@ietf.org>, "detnet@ietf.org" <detnet@ietf.org>
Thread-Topic: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments
Thread-Index: AdZxxNsDm7IRxEpwSOWs8NSmXXLbSgAkisIAAAH5/wAAAPOQUAAHvLyAAAAIASAAAOOVAAAADg6A
Date: Fri, 14 Aug 2020 21:55:27 +0000
Message-ID: <BY5PR06MB66115D7CE1E8069CC5D658DEC4400@BY5PR06MB6611.namprd06.prod.outlook.com>
References: <aa5807fe6bba486f92f6afbcd3efb2d2@att.com> <BY5PR06MB661158C6BFF774D5F92738AEC4400@BY5PR06MB6611.namprd06.prod.outlook.com> <400B2F4D-8021-4CE6-9764-EECEC49DD5B8@gmail.com> <BY5PR06MB66114F99C4CCC588D5D3529DC4400@BY5PR06MB6611.namprd06.prod.outlook.com> <2e84157800404843b2d96bc017461e05@att.com> <BY5PR06MB661151C2DFC33538F7CB016DC4400@BY5PR06MB6611.namprd06.prod.outlook.com> <105935d723834e52a9b6c7d22fdd6093@att.com>
In-Reply-To: <105935d723834e52a9b6c7d22fdd6093@att.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: att.com; dkim=none (message not signed) header.d=none;att.com; dmarc=none action=none header.from=dolby.com;
x-originating-ip: [104.129.202.56]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a2949fb3-e183-4435-7ddd-08d8409cc1a6
x-ms-traffictypediagnostic: BYAPR06MB5559:
x-microsoft-antispam-prvs: <BYAPR06MB55596A6D86B6387ADF0CD5A0C4400@BYAPR06MB5559.namprd06.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:2089;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: B3zl7h5u8tIbPBU0ax/27USgw5aYuMxmrbW5i5ENkD+awNyMhaXzjFb921SpodeKoOcSQ6RImCS9O/R4UGXlwIGfj4EqLac26EM0WFep6hKZLKhO7I4QUHVUm3pN2TilrUyZ1PMQoaUsPJwvWUONZ1Ioi8cPjzoIMLBCr192PesT+OW1/Pa2Zq5gpHKHYEEsGPw7Uh2viq9lgbLXysHjfUax+I+EQVDRN2Nn1S/SENvy1YsJzQqaq0+/jmptSC8mcY+A5RNVduCfdjI2Zi1QxCQ9BgE7i8tZxUasGTnos3fBc/21Hn7URva86/SkIXwzxvvFhWQbanKut7MCw3KHBg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR06MB6611.namprd06.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(396003)(39850400004)(366004)(346002)(136003)(15650500001)(7696005)(478600001)(71200400001)(52536014)(76116006)(66476007)(83380400001)(53546011)(5660300002)(316002)(66556008)(8676002)(8936002)(33656002)(66946007)(55016002)(66446008)(110136005)(4326008)(54906003)(2906002)(64756008)(86362001)(9686003)(6506007)(55236004)(186003)(26005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: /QsC0crx57ulOkpYvJdiT1bO7zHBecutVn8HYlDpEWaKHbr/qfGmk5QFUQKApaRVHJq1QhefhqyPsoOrmPZ669aixLH1GitHFZQki+tb9UjtREApbDbiBm4QBeg3z8k362Cau564E8b/Uwhs/SDoP1YCqxoLKtUcNt/+92CzgOdoU/7FVaHqy9/du5lI7BgA7RyDuK+vkonthoiJZnx1Wd+Oi7qXWnnL+TsdrPWan8MFMidBsRMoAwSVTOL0zgUqgks1cLtuvZsYSE4uzCU/9QbMwkGgNk/KTwZQz2OdMMsRDAmgFUuel9y2OLKNuF9fRMKPkv5blFU60ujQmIyUXFpBJ55EUGw8alDHJ6i6sPBgSvOOE5jHe15NSxUeSQNQ5NBpOTSB+suiBa3DQZR9gaCa2CBZojQYQ95O0egzWs6CG4xTLN6lWCZIm80AMx7Y/veLP2DTsNCsG7NJhoDu2RjlbF35aARrTtLrvkuALrU+voy60onEjMadB6Jxdx4pO2SR2lFQorbLzsvo1UVkJg1VWhXgafQ5UHZ7n5mMJqe+sIfWg43Aca1slyLfDFdPZQWoPF1AcW67TEjUM6VwU3JTLIVOze4e5i+/2Rd0+8R1C8QdUF7+oJWSxWdwaDNVCMo+1IEhaL5Ywn0gYiFjtg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: dolby.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR06MB6611.namprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a2949fb3-e183-4435-7ddd-08d8409cc1a6
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Aug 2020 21:55:27.9959 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 05408d25-cd0d-40c8-8962-5462de64a318
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 28M4Q0chGzXUd+H7IxAZb6P9vuyouo0zdwEBuGz8RJoLpNUR6zIfoNdjmv3yxLWiBSJbdBMF0K0Sdl7KWbnf8Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR06MB5559
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/5eSJMUYnai1GlWJNKqSrMy3-d_Y>
Subject: Re: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2020 21:55:32 -0000
You got it, thank you! Ethan. -----Original Message----- From: BRUNGARD, DEBORAH A <db3546@att.com> Sent: Friday, August 14, 2020 2:54 PM To: Grossman, Ethan A. <eagros@dolby.com>; Stewart Bryant <stewart.bryant@gmail.com> Cc: draft-ietf-detnet-security@ietf.org; DetNet Chairs <detnet-chairs@ietf.org>; detnet@ietf.org Subject: RE: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments Hi Ethan, Suggest breaking it into two paragraphs and I prefer the original introduction sentence and a swap of implies/s/requires as "implies" is a bit weak. Suggested a few other tweaks. A DetNet (deterministic network) provides specific performance guarantees to its data flows, such as extremely low data loss rates and bounded latency. As a result, securing a DetNet requires that in addition to the best practice security measures taken for any mission-critical network, additional security measures may be needed to secure the intended operation of these novel service properties. This document addresses DetNet-specific security considerations from the perspectives of both the DetNet system-level designer and component designer. System considerations include a threat model, taxonomy of relevant attacks, and associations of threats versus use cases and service properties. Component-level considerations include ingress filtering and packet arrival time violation detection. This document also addresses DetNet security considerations specific to the IP and MPLS data plane technologies thereby complementing the Security Considerations sections of the various DetNet Data Plane (and other) DetNet documents. Thanks! Deborah -----Original Message----- From: Grossman, Ethan A. <eagros@dolby.com> Sent: Friday, August 14, 2020 5:30 PM To: BRUNGARD, DEBORAH A <db3546@att.com>; Stewart Bryant <stewart.bryant@gmail.com> Cc: draft-ietf-detnet-security@ietf.org; DetNet Chairs <detnet-chairs@ietf.org>; detnet@ietf.org Subject: RE: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments Hi Deborah, Funny you should say that (as Adrian also said). I just rewrote it like this: A DetNet (as described in RFC8557, Deterministic Networking Problem Statement) provides specific performance guarantees to its data flows, such as extremely low data loss rates and bounded latency. As a result, securing a DetNet implies that in addition to the best practice security measures taken for any mission-critical network, additional security measures may be needed to secure the intended operation of these novel service properties. This document addresses DetNet-specific security considerations from the perspectives of both the DetNet system-level designer and component designer. System considerations include a threat model, taxonomy of relevant attacks, and associations of threats versus use cases and service properties. Component-level include topics such as ingress filtering and packet arrival time violation detection. This document also addresses DetNet security considerations specific to the IP and MPLS data plane technologies thereby complementing the Security Considerations sections of the various DetNet Data Plane (and other) DetNet documents. OK? Ethan. -----Original Message----- From: BRUNGARD, DEBORAH A <db3546@att.com> Sent: Friday, August 14, 2020 2:27 PM To: Grossman, Ethan A. <eagros@dolby.com>; Stewart Bryant <stewart.bryant@gmail.com> Cc: draft-ietf-detnet-security@ietf.org; DetNet Chairs <detnet-chairs@ietf.org> Subject: RE: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments Hi, I forgot to add one more comment - you need to shorten the abstract - it needs to be an abstract😊 Good weekends! Deborah -----Original Message----- From: Grossman, Ethan A. <eagros@dolby.com> Sent: Friday, August 14, 2020 1:52 PM To: Stewart Bryant <stewart.bryant@gmail.com> Cc: BRUNGARD, DEBORAH A <db3546@att.com>; adrian@olddog.co.uk; rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; detnet@ietf.org Subject: RE: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments Thanks for the offer Stewart, yes, let's do that. I suppose I can make a pass through them all today, then enumerate the open ones, then we can divvy them out in a concise way. Ethan. -----Original Message----- From: Stewart Bryant <stewart.bryant@gmail.com> Sent: Friday, August 14, 2020 10:19 AM To: Grossman, Ethan A. <eagros@dolby.com> Cc: Stewart Bryant <stewart.bryant@gmail.com>; BRUNGARD, DEBORAH A <db3546@att.com>; adrian@olddog.co.uk; rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; detnet@ietf.org Subject: Re: [Detnet] Rtgdir last call review of draft-ietf-detnet-security-10 and AD comments Ethan Why not ask the “usual suspects" to a call and we will go though the issues one by one and parcel out text assignments? Stewart > On 14 Aug 2020, at 17:36, Grossman, Ethan A. <eagros@dolby.com> wrote: > > Hi Adrian, Deborah, WG, > Today (as editor of the Security draft) I am attempting to address Adrian's review comments. Reading through them, several of them are basically out of my depth, and I'm not sure how I would fill in the requested details, for example questions along the line of "you can't just say "the appropriate [measures]" you have to tell them what to do". > > Is there any chance anyone on this thread who has more domain knowledge than I do could spend a little time with me to give me some concrete clues as to what could be said to address some of these items? I can do the wordsmithing, and even some background reading, but it would be extremely helpful to get a well-informed shove in the right direction. > > My strategy today is to first address the nits and other straightforward items, and then as I attempt the others I will send out emails to the WG proposing as much text as I can conjure up, and it would be great if I got any responses. But if anyone has time for an impromptu webconf session to review the items en masse that would be appreciated; I can set that up on the spot. > > Thanks, > Your faithful servant, > Ethan. > > -----Original Message----- > From: BRUNGARD, DEBORAH A <db3546@att.com> > Sent: Thursday, August 13, 2020 4:21 PM > To: adrian@olddog.co.uk; 'Stewart Bryant' <stewart.bryant@gmail.com> > Cc: rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; > detnet@ietf.org > Subject: RE: [Detnet] Rtgdir last call review of > draft-ietf-detnet-security-10 and AD comments > > Hi, > > Much thanks Adrian for your review! > > Without getting into the debate on the term itself, I don't think MITM is concise enough. In RFC3552, MITM is just one of multiple active attack possibilities. Same for Injector, it also is an active attack. It's not simply MITM vs. injector. Stewart is correct - on-path can be an observer (passive). I think we need to define per RFC3552, not the Network Time Protocol threat model. It would be better to align with the security terms and use on-path /off-path vs. internal/external. I think this is part of the confusion as the definition of internal in the document is mixing with the definition of MITM in RFC3552. > > The checked items in Figure 1 are not MITM (they could be done by a MITM), they are basically message modification (RFC3552). So I'm actually not sure the value of this breakdown of MITM vs. Injector? These terms are only used in 5.1 and Figure 1, they are not used in the rest of the document. Suggest it would be more accurate to simply say "active" (document already has the term in 5.1) and remove these terms/breakdown in Figure 1. Same for internal/external, they are not used in the rest of the document. > > Section 5.1 has the terms "active" and "passive" but doesn't define them. Need to define. > > The document is very comprehensive - congrats to the authors and the > working group! With the couple of fixes to sort out the definitions in > Section 5, it will be ready for the super scrutiny during Last > Call/Sec ADs😊 > > Thanks, > Deborah > (recovering after a week without power) > > -----Original Message----- > From: Adrian Farrel <adrian@olddog.co.uk> > Sent: Friday, August 7, 2020 1:10 PM > To: 'Stewart Bryant' <stewart.bryant@gmail.com> > Cc: rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; > detnet@ietf.org > Subject: RE: [Detnet] Rtgdir last call review of > draft-ietf-detnet-security-10 > > I can't decide whether to get into this or not 😊 > > My review said, "It would be nice to avoid," not, "You must avoid." > The review is principally for the AD, and they will tell you whether you need to action this. > I made a constructive suggestion of an alternative phrase, but you are allowed to choose others. > > The thing about the term "man-in-the-middle" is not that it is directly making a specific man appear evil, it is that it associates the word "man" with the concept "evil" and therefore subtly changes the long-term perception of "man". There is, in fact, nothing about this type of attack that is specific to a man, and not all attackers are men, nor are all men attackers. > > This is a minor issue for me, and (to some extent) I wanted to experiment with draft-knodel-terminology to see what reaction it would get if the changes it suggests were made as a request rather than as an order. > > Cheers, > Adrian > > -----Original Message----- > From: Stewart Bryant <stewart.bryant@gmail.com> > Sent: 06 August 2020 13:52 > To: Adrian Farrel <adrian@olddog.co.uk> > Cc: rtg-dir@ietf.org; draft-ietf-detnet-security.all@ietf.org; > detnet@ietf.org > Subject: Re: [Detnet] Rtgdir last call review of > draft-ietf-detnet-security-10 > > >> --- >> >> It would be nice to avoid the term "man-in-the-middle" (and >> coresponding >> "MITM") in favour of the term "on-path attacker". It is less >> problematic as a term, and no less accurate. >> >> Although "man-in-the-middle" is well established, I think you could >> easily avoid it and if you feel necessary you could use "An on-path >> attacker (formerly known as a man-in-the-middle) ..." > > I sort of understand why you want to change MITM, although given that the man you have in mind is evil I am not sure whether it is that objectionable in this context. However I am not sure on-path is the right term. MITM normally implies an entity that can modify traffic in flight, whereas an on path attacker may simply be an observer. > > Maybe AITM (attacker ....) would be a better gender neutral term. > > Stewart > >
- Re: [Detnet] Rtgdir last call review of draft-iet… BRUNGARD, DEBORAH A
- Re: [Detnet] Rtgdir last call review of draft-iet… Grossman, Ethan A.
- Re: [Detnet] Rtgdir last call review of draft-iet… Stewart Bryant
- Re: [Detnet] Rtgdir last call review of draft-iet… Grossman, Ethan A.
- Re: [Detnet] Rtgdir last call review of draft-iet… Grossman, Ethan A.
- Re: [Detnet] Rtgdir last call review of draft-iet… BRUNGARD, DEBORAH A
- Re: [Detnet] Rtgdir last call review of draft-iet… Grossman, Ethan A.