Re: [Detnet] WG adoption poll draft-sdt-detnet-security-01
"Maik Seewald (maseewal)" <maseewal@cisco.com> Wed, 13 September 2017 14:59 UTC
From: "Maik Seewald (maseewal)" <maseewal@cisco.com>
To: "Grossman, Ethan A." <eagros@dolby.com>, Lou Berger <lberger@labn.net>, DetNet WG <detnet@ietf.org>
Date: Wed, 13 Sep 2017 14:59:04 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/TWI_Tq3qN1logVlj3cat_Zv1yJw>

Yes/Support. I missed this in my previous mail.

Cheers,
Maik

On 13.09.17, 16:22, "Maik Seewald (maseewal)" <maseewal@cisco.com> wrote:

>Hello Ethan,
>
>Only a few comments on the use cases for the industries, especially in the
>utility environment:
>
>- Especially in power automation, there is more and more regulation
>  including standards (e.g.: NERC CIP in North America)
>- Availability and integrity are the most important security objectives
>  (and requirements), confidentiality and privacy are relevant if customer
>  or market data is involved
>- Along these lines, there is a requirement for end-to-end security which
>  is already standardised (and implemented) for many automation and control
>  protocols (protecting the app layer and/or transport [typically using TLS])
>- Another security control which is also standardised and implemented is
>  segmentation (zones and conduits including access control)
>- These are two trends any communication architecture needs to deal with
>- The requirements in industrial automation are quite similar, especially
>  in new scenarios such as Industry 4.0/Digital Factory where workflows and
>  protocols cross zones, segments, and entities
>- IEC 62443 (ISA99) defines security for Industrial Automation and Control
>  Systems (IACS), typically for installations in the critical infrastructure
>- It comprises domains such as industrial automation, oil & gas, and
>  electricity transmission and distribution; the foundational requirements
>  are a great source for industrial security
>
>Regarding the Detnet specifics, IMHO, it is imperative to protect the
>network controller (wherever a controller is used) using strong security
>controls and mitigation technologies.
>A hacked/compromised controller would allow any disastrous (attack)
>scenario.
>
>Cheers,
>Maik
>
>On 12.09.17, 19:21, "detnet on behalf of Grossman, Ethan A."
><detnet-bounces@ietf.org on behalf of eagros@dolby.com> wrote:
>
>>Thanks Lou,
>>Yes/support.
>>
>>On behalf of the DetNet Security Design Team, we are pleased and excited
>>about achieving workgroup adoption, and we look forward to input from the
>>broader DetNet community. Below is our current list of items which we
>>would like to address next in the draft - if anyone has additional
>>suggestions or would like to help with the next release of the draft,
>>which we are planning for IETF 100, please reply.
>>
>>1) We need to make another pass through every section to clean up loose
>>ends, unify the writing style and flesh out some of the statements.
>>2) Given that the Data Plane has been basically established, we need to
>>extend the draft to address these specifics (e.g. implied by use of IPv6
>>and/or MPLS-PW).
>>3) We believe it would be helpful to establish solid requirements before
>>we can expect external reviewers to review this draft, so our intent is
>>to take the various use case statements in the appendix and turn them
>>into a more formal statement of requirements that a reviewer could measure
>>our draft against.
>>4) We need to review and improve our threat model to reduce our chances
>>of being blind-sided by threats we haven't addressed.
>>5) The current structure of the document has some "unusual" things about
>>it, for example the section about use cases in which there are statements
>>that are phrased as questions (like "does the threat attack the timely
>>arrival of packets?") - we need to come up with a better way to phrase
>>this information.
>>
>>Best,
>>Ethan Grossman
>>DetNet Security Draft editor
>>
>>-----Original Message-----
>>From: detnet [mailto:detnet-bounces@ietf.org] On Behalf Of Lou Berger
>>Sent: Tuesday, September 12, 2017 5:14 AM
>>To: DetNet WG <detnet@ietf.org>
>>Cc: DetNet Chairs <detnet-chairs@ietf.org>
>>Subject: [Detnet] WG adoption poll draft-sdt-detnet-security-01
>>
>>All,
>>
>>This is the start of a two-week poll on making draft-sdt-detnet-security-01 a
>>working group document. Please send email to the list indicating
>>"yes/support" or "no/do not support". If indicating no, please state
>>your reservations with the document. If yes, please also feel free to
>>provide comments you'd like to see addressed once the document is a WG
>>document.
>>
>>The poll ends Sep 26.
>>
>>Thanks,
>>
>>Lou (and Pat)
>>
>>_______________________________________________
>>detnet mailing list
>>detnet@ietf.org
>>https://www.ietf.org/mailman/listinfo/detnet