Re: [Detnet] I-D Action: draft-ietf-detnet-security-07.txt

"Grossman, Ethan A." <eagros@dolby.com> Sat, 11 January 2020 04:06 UTC

From: "Grossman, Ethan A." <eagros@dolby.com>
To: "detnet@ietf.org" <detnet@ietf.org>
Thread-Topic: [Detnet] I-D Action: draft-ietf-detnet-security-07.txt
Thread-Index: AQHVyDMEEgFr0FmYIkyQXZN+2Ar1Wafk1hIQ
Date: Sat, 11 Jan 2020 04:06:48 +0000
Message-ID: <BYAPR06MB4325CD5DA856C61C80534448C43B0@BYAPR06MB4325.namprd06.prod.outlook.com>
References: <157871494429.13146.1862940968112887138@ietfa.amsl.com>
In-Reply-To: <157871494429.13146.1862940968112887138@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/D6BIVOeUqPA11Ghgrq_1lzW7BO8>

Hi All,
I made a pass through the draft, changelist is below. The changes were made in the github repository, so that history is there also. I have deferred the proposed potentially sweeping changes to the draft organization until we get the SecDir early review input. I hope that the current changes are not controversial but I will wait a few days before taking any next steps, e.g. starting WG LC or SecDir review, to see if I get any input from the WG on this version. Lacking any such input I will just plow ahead. 
Ethan (as Editor and Co-Author, DetNet Security Draft).

------- Changelist----------------
v07 2020-01-10 EAG
Cut "security statements from drafts" (Appendix A). Add "Reader is assumed to be familiar with the other drafts".
Limit scope to IP and MPLS. (i.e. cut TSN and references to future data planes)
Incorporate comment from IETF 106 that flow ID and OAM are the relevant differentiators between MPLS and IP data planes.
Note that MPLS is inherently more secure than IP since it is internal to routers.
Add assumption of a "very well managed network (both data plane and control plane)" as a starting place for this draft.
Incorporate some items from Stewart's review of 12/17/2019 and Henrik's comments 10Jan20.
Replace "draft" with "document" where appropriate.
Put in trivial text for "todo" sections.
--------------------------------------


-----Original Message-----
From: detnet <detnet-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Friday, January 10, 2020 7:56 PM
To: i-d-announce@ietf.org
Cc: detnet@ietf.org
Subject: [Detnet] I-D Action: draft-ietf-detnet-security-07.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Deterministic Networking WG of the IETF.

        Title           : Deterministic Networking (DetNet) Security Considerations
        Authors         : Tal Mizrahi
                          Ethan Grossman
                          Andrew J. Hacker
                          Subir Das
                          John Dowdell
                          Henrik Austad
                          Norman Finn
        Filename        : draft-ietf-detnet-security-07.txt
        Pages           : 40
        Date            : 2020-01-10

Abstract:
   A deterministic network is one that can carry data flows for real-
   time applications with extremely low data loss rates and bounded
   latency.  Deterministic networks have been successfully deployed in
   real-time operational technology (OT) applications for some years.
   However, such networks are typically isolated from external access,
   and thus the security threat from external attackers is low.  IETF
   Deterministic Networking (DetNet) specifies a set of technologies
   that enable creation of deterministic networks on IP-based networks
   of potentially wide area (on the scale of a corporate network)
   potentially bringing the OT network into contact with Information
   Technology (IT) traffic and security threats that lie outside of a
   tightly controlled and bounded area (such as the internals of an
   aircraft).  These DetNet technologies have not previously been
   deployed together on a wide area IP-based network, and thus can
   present security considerations that may be new to IP-based wide area
   network designers.  This document, intended for use by DetNet network
   designers, provides insight into these security considerations.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-detnet-security/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-detnet-security-07
https://datatracker.ietf.org/doc/html/draft-ietf-detnet-security-07

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-detnet-security-07


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
