Re: [Detnet] Roman Danyliw's No Objection on draft-ietf-detnet-oam-framework-10: (with COMMENT)

Roman Danyliw <rdd@cert.org> Mon, 08 January 2024 19:54 UTC

From: Roman Danyliw <rdd@cert.org>
To: Greg Mirsky <gregimirsky@gmail.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-detnet-oam-framework@ietf.org" <draft-ietf-detnet-oam-framework@ietf.org>, "detnet-chairs@ietf.org" <detnet-chairs@ietf.org>, "detnet@ietf.org" <detnet@ietf.org>, "lberger@labn.net" <lberger@labn.net>
Date: Mon, 08 Jan 2024 19:54:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/D0Wk_4hMG28SHaNTX8yvx7WBrAU>

Hi Greg!

Thanks for the quick follow-up.  This new text looks good to me.

Roman

From: Greg Mirsky <gregimirsky@gmail.com>
Sent: Wednesday, January 3, 2024 6:40 PM
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>; draft-ietf-detnet-oam-framework@ietf.org; detnet-chairs@ietf.org; detnet@ietf.org; lberger@labn.net
Subject: Re: Roman Danyliw's No Objection on draft-ietf-detnet-oam-framework-10: (with COMMENT)


Hi Roman,
thank you for your comments helping to improve the document. Please find my notes below tagged by GIM>>.

Regards,
Greg

On Wed, Jan 3, 2024 at 1:04 PM Roman Danyliw via Datatracker <noreply@ietf.org> wrote:
Roman Danyliw has entered the following ballot position for
draft-ietf-detnet-oam-framework-10: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-detnet-oam-framework/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 2.
   Many legacy OAM tools can be used in DetNet networks, but they are
   not able to cover all the aspects of deterministic networking.

What is a legacy tool?
GIM>> Yes, it is awkward. I propose the following re-wording of the paragraph:
OLD TEXT:
   Many legacy OAM tools can be used in DetNet networks, but they are
   not able to cover all the aspects of deterministic networking.
   Fulfilling strict guarantees is essential for DetNet flows, resulting
   in new DetNet-specific functionalities that must be covered with OAM.
   Filling these gaps is inevitable and needs accurate consideration of
   DetNet specifics.  Similar to DetNet flows themselves, their OAM
   needs careful end-to-end engineering as well.
NEW TEXT:
   Most of the existing OAM tools can be used in DetNet networks, but
   they can only cover some aspects of deterministic networking.
   Fulfilling strict guarantees is essential for DetNet flows, resulting
   in new DetNet-specific functionalities that must be covered with OAM.
   Filling these gaps is inevitable and needs accurate consideration of
   DetNet specifics.  Similar to DetNet flows, their OAM also needs
   careful end-to-end engineering.

** Section 2.

   For example, appropriate placing of MEPs along the path of a DetNet
   flow is not always a trivial task and may require proper design,
   together with the design of the service component of a given DetNet
   flow.

Agreed.  However, it seems to me that there is a missing sentence explicitly
linking OAM to placing these MEPs.
GIM>> I see the process of placing MEPs, i.e., configuring MEPs on particular interfaces of a DetNet node, being a part of the overall process of OAM configuration that includes the configuration of OAM protocols. Is that the linking that you suggest to clarify in the text?

** Section 8.  This section seems to be missing a mention that OAM mechanisms
could be tampered with depending on their construction and that some OAM tools
are dual-use, potentially enabling reconnaissance by an attacker.  These and
other topics are covered in the Security Considerations of RFC7276.
GIM>> Thank you for the reference, added the following sentence:
NEW TEXT:
   Furthermore, the analysis of OAM security concerns in
   Section 6 of [RFC7276] also applies to DetNet OAM, including the use
   of OAM for network reconnaissance.

** Section 9.  The GENART reviewer (Mallory Knodel) also notes that OAM
mechanisms can be used as the further basis of reconnaissance by fingerprinting
their features.
GIM>> Would the new sentence in Section 8 be sufficient to cover that concern?