Re: [Detnet] WG adoption poll draft-sdt-detnet-security-01

"Maik Seewald (maseewal)" <maseewal@cisco.com> Wed, 13 September 2017 14:59 UTC

Yes/Support.

I missed this in my previous mail.

Cheers, Maik

On 13.09.17, 16:22, "Maik Seewald (maseewal)" <maseewal@cisco.com> wrote:

>Hello Ethan,
>
>Only a few comments on the use cases for the industries, especially in the
>utility environment:
>
>- Especially in power automation, there is more and more regulation
>including standards (e.g.: NERC CIP in North America)
>- Availability and integrity are the most important security objectives
>(and requirements), confidentiality and privacy are relevant if customer
>or market data is involved
>- Along these lines, there is a requirement for end-to-end security which
>is already standardised (and implemented) for many automation and control
>protocols (protecting the app layer and/or transport [typically using TLS])
>- Another security control which is also standardised and implemented is
>segmentation (zones and conduits including access control)
>- These are two trends any communication architecture needs to deal with
>- The requirements in industrial automation are quite similar, especially
>in new scenarios such as Industry 4.0/Digital Factory where workflows and
>protocols cross zones, segments, and entities
>- IEC 62443 (ISA99) defines security for Industrial Automation and Control
>Systems (IACS), typically for installations in the critical infrastructure
>- It comprises domains such as industrial automation, oil & gas, and
>electricity transmission and distribution; the foundational requirements
>are a great source for industrial security
>
>Regarding the Detnet specifics, IMHO, it is imperative to protect the
>network controller (wherever a controller is used) using strong security
>controls and mitigation technologies.
>A hacked/compromised controller would allow any disastrous (attack)
>scenario.
>
>Cheers,
>Maik
>
>On 12.09.17, 19:21, "detnet on behalf of Grossman, Ethan A."
><detnet-bounces@ietf.org on behalf of eagros@dolby.com> wrote:
>
>>Thanks Lou, 
>>Yes/support. 
>>
>>On behalf of the DetNet Security Design Team, we are pleased and excited
>>about achieving workgroup adoption, and we look forward to input from the
>>broader DetNet community. Below is our current list of items which we
>>would like to address next in the draft - if anyone has additional
>>suggestions or would like to help with the next release of the draft,
>>which we are planning for IETF 100, please reply.
>>
>>1) We need to make another pass through every section to clean up loose
>>ends, unify the writing style and flesh out some of the statements.
>>2) Given that the Data Plane has been basically established, we need to
>>extend the draft to address these specifics (e.g. implied by use of IPv6
>>and/or MPLS-PW).
>>3) We believe it would be helpful to establish solid requirements before
>>we can expect external reviewers to review this draft, so our intent is
>>to take the various use case statements in the appendix and turn them
>>into more formal statements of requirements that a reviewer could measure
>>our draft against.
>>4) We need to review and improve our threat model to reduce our chances
>>of being blind-sided by threats we haven't addressed.
>>5) The current structure of the document has some "unusual" things about
>>it, for example the section about use cases in which there are statements
>>that are phrased as questions (like "does the threat attack the timely
>>arrival of packets?") - we need to come up with a better way to phrase
>>this information.
>>
>>Best,
>>Ethan Grossman
>>DetNet Security Draft editor
>>
>>-----Original Message-----
>>From: detnet [mailto:detnet-bounces@ietf.org] On Behalf Of Lou Berger
>>Sent: Tuesday, September 12, 2017 5:14 AM
>>To: DetNet WG <detnet@ietf.org>
>>Cc: DetNet Chairs <detnet-chairs@ietf.org>
>>Subject: [Detnet] WG adoption poll draft-sdt-detnet-security-01
>>
>>All,
>>
>>This is the start of a two-week poll on making draft-sdt-detnet-security-01 a
>>working group document. Please send email to the list indicating
>>"yes/support" or "no/do not support".  If indicating no, please state
>>your reservations with the document.  If yes, please also feel free to
>>provide comments you'd like to see addressed once the document is a WG
>>document.
>>
>>The poll ends Sep 26.
>>
>>Thanks,
>>
>>Lou (and Pat)
>>
>>_______________________________________________
>>detnet mailing list
>>detnet@ietf.org
>>https://www.ietf.org/mailman/listinfo/detnet