[Detnet] Roman Danyliw's No Objection on draft-ietf-detnet-bounded-latency-09: (with COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 06 April 2022 13:22 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-detnet-bounded-latency@ietf.org, detnet-chairs@ietf.org, detnet@ietf.org, lberger@labn.net, lberger@labn.net
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <164925136787.30316.10450416343702279248@ietfa.amsl.com>
Date: Wed, 06 Apr 2022 06:22:47 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/LcO2T6A5wlivJp3MZMDU_P0eruw>
Subject: [Detnet] Roman Danyliw's No Objection on draft-ietf-detnet-bounded-latency-09: (with COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-detnet-bounded-latency-09: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-detnet-bounded-latency/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Watson Ladd for the SECDIR review.

** Section 8. It wasn’t clear to me that outright control of a resource (e.g.,
relay) was needed impact the latency bound calculation. Recommending a bit
more flexibility on what an attack would take:

OLD
but may have the
ability to control some resources within the boundary of the DetNet
domain.

NEW

but may have the ability to control or change the behavior of some resources
within the boundary of the DetNet domain.

** Section 8.

An example of such attacks is to make some
traffic sources under the control of the attacker send more traffic
than their assumed T-SPECs. This type of attack is typically avoided
by ingress conditioning at the edge of a DetNet domain

If a traffic source _in the DetNet_ is induced to send more than their T-SPEC,
how does ingress conditioning at the edge help with mitigation? This DetNet
node is already in the DetNet domain.

** Section 8. Figure 1 presented a taxonomy of delays (#1 – 6) for the timing
model. It would be helpful to explicitly extend this taxonomy to a threat
analysis, or to rule out that mitigating certain threats are out of scope. For
example:

-- 1: Output delay: ?
-- 2: Link delay: somewhat covered by the discussion of timing; and violating
T-SPECs. -- 3: Frame preemption delay: ? -- 4: Processing delay: ? -- 5:
Regulation delay: ? -- 6: Queuing delay: covered by “Some queuing mechanisms
require time synchronization and operate correctly only if the time
synchronization works correctly ...”

[Detnet] Roman Danyliw's No Objection on draft-ie… Roman Danyliw via Datatracker
Re: [Detnet] Roman Danyliw's No Objection on draf… Mohammadpour Ehsan