[Detnet] Roman Danyliw's Discuss on draft-ietf-detnet-mpls-11: (with DISCUSS and COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 08 September 2020 18:10 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-detnet-mpls@ietf.org, detnet-chairs@ietf.org, detnet@ietf.org, Ethan Grossman <eagros@dolby.com>, eagros@dolby.com
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <159958865571.6798.11039232880316596486@ietfa.amsl.com>
Date: Tue, 08 Sep 2020 11:10:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/SJWIkEU14c8B0D5KDdNRrNgjtak>
Subject: [Detnet] Roman Danyliw's Discuss on draft-ietf-detnet-mpls-11: (with DISCUSS and COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-detnet-mpls-11: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-detnet-mpls/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

** (Discuss-discuss) Section 6.  Per “To prevent DetNet packets from being
delayed by an entity external to a DetNet domain, DetNet technology definition
can allow for the mitigation of MiTM attacks, for example through the use of
authentication and authorization of devices within the DetNet domain”, can this
attack scenario or the appropriate mitigation be clarified.  If packets are
coming from or going across the DetNet boundary how can any assurances be made?
 What is architecture element is the “MiTM” (relay? transit? per Figure 2)?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 4.2.2.  To confirm, if ACH and GAL are used instead of d-CW, then
only 16-bit sequence numbers are supported?

** Section 6.  Per “Achieving such loss rates and bounded latency may not be
possible in the face of a … Internet Thread Model BCP72”, I concur with this
analysis.  However, as the applicability statement of DetNet is not the
internet, but (I thought) enterprise IT and OT networks, it might worth
reiterating this reduced scope and framing this text around the attacker
capabilities.

** Section 6.  Per the reduced scope attacker being capable of “control[ing] a
network node within the boundary of the DetNet domain”, are these nodes in
question limited to end systems, or would they also include relay/transit nodes
(per Figure 2)?  If it is the latter, then these seem like they would have the
ability to arbitrarily drop or delay packets cross their paths just like a
BCP72 attacker, so why make the distinction?  If it is the former, then the
paragraph after this one suggesting IPSec and MacSec doesn’t seem to be
mitigating a threat posed by a compromised end system.

** Section 6.  Per “The primary consideration for DetNet data plane is to
maintain integrity … and delivery …”, this framing suggests that integrity and
availability are the key concerns.  However, the paragraph prior, seemed to
frame that only availability with the key issue.

** Section 6.  Per “Application flows can be protected through whatever means
are provided by the underlying technology”, what is the scope of “underlying
technology”, is that an application concern?  Or a DetNet data or control plan
concern?  The text isn’t clear on who’s responsibility it is to provide these
services (IPSec or MacSec), or what assumptions the application can make?  IMO,
the clearer statement to make is that MPLS doesn’t provide any native security
services to account for confidentiality and integrity.

** Section 6.  Per “From a data plane perspective this document does not add or
modify any header information.”, to be clear, does this text mean
“_application_ header information”?  I’d recommend being clear.

** Section 6. Please s/for the mitigation of Man-In-The-Middle attackers/for
the mitigation of on-path attackers/

** Editorial Nits:

Section 1.  Editorial.  s/different network technologies is/different network
technologies are/

Section 2.1.  Editorial.  S-Label definition.  Doesn’t “… that implement also
the DetNet service sub-layer functions” say the same things as “An S-Label is
also used to identify a DetNet flow at DetNet service sub-layer …”?  I’m not
sure you need the “… that implement [sic] also the DetNet …” phrase at the end
of the first sentence.

Section 4.1.  Editorial.  This section opens with a list of 6 requirements. 
The paragraphs below this list begin explaining how these requirements are met.
 It was helpful that the text explicitly called out how “(1) and (2) in the
list above” were satisfied.  This convention was not followed for items 3 – 6.

Section 4.2.1.  Editorial.  Explain “S/N” (Sequence Number) on first use.

Section 4.3.  Editorial.  s/0X1/0x1/

Section 4.4.  s/this documents/this document/

Section 5.2.  Typo.  s/paramters/parameters/

Section 6.  Typo. s/the the/the/

[Detnet] Roman Danyliw's Discuss on draft-ietf-de… Roman Danyliw via Datatracker
Re: [Detnet] Roman Danyliw's Discuss on draft-iet… Stewart Bryant
Re: [Detnet] Roman Danyliw's Discuss on draft-iet… Roman Danyliw
Re: [Detnet] Roman Danyliw's Discuss on draft-iet… Balázs Varga A