Re: [Detnet] I-D Action: draft-ietf-detnet-security-11.txt
"Grossman, Ethan A." <eagros@dolby.com> Sat, 15 August 2020 03:28 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/__f3Yme-VwKGBbhwjNU_DzF1dqQ>

Hi All,

I made a pass through the Security draft to address as many of Adrian's comments as I could do single-handedly (45 comments). There remain 23 comments that I deferred for the next pass, to be completed with help from "the usual suspects" as Stewart said. I think this draft 11 makes a better starting place for that work compared to going from draft 10. I will send the two lists (comments completed in draft 11 (below), and those deferred to draft 12) via separate emails.

As always, any WG input on any of the comments (complete or deferred) would be appreciated.

Thanks,
Ethan (as Editor, DetNet Security Considerations draft)

-----Original Message-----
From: detnet <detnet-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Friday, August 14, 2020 8:06 PM
To: i-d-announce@ietf.org
Cc: detnet@ietf.org
Subject: [Detnet] I-D Action: draft-ietf-detnet-security-11.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Deterministic Networking WG of the IETF.

    Title    : Deterministic Networking (DetNet) Security Considerations
    Authors  : Tal Mizrahi
               Ethan Grossman
    Filename : draft-ietf-detnet-security-11.txt
    Pages    : 46
    Date     : 2020-08-14

Abstract:
A DetNet (deterministic network) provides specific performance guarantees to its data flows, such as extremely low data loss rates and bounded latency. As a result, securing a DetNet requires that in addition to the best practice security measures taken for any mission-critical network, additional security measures may be needed to secure the intended operation of these novel service properties. This document addresses DetNet-specific security considerations from the perspectives of both the DetNet system-level designer and component designer. System considerations include a threat model, taxonomy of relevant attacks, and associations of threats versus use cases and service properties. Component-level considerations include ingress filtering and packet arrival time violation detection. This document also addresses DetNet security considerations specific to the IP and MPLS data plane technologies thereby complementing the Security Considerations sections of the various DetNet Data Plane (and other) DetNet documents.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-detnet-security/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-detnet-security-11
https://datatracker.ietf.org/doc/html/draft-ietf-detnet-security-11

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-detnet-security-11

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
detnet mailing list
detnet@ietf.org
https://www.ietf.org/mailman/listinfo/detnet