Re: [Detnet] Benjamin Kaduk's Discuss on draft-ietf-detnet-security-13: (with DISCUSS and COMMENT)

Ethan Grossman <> Thu, 28 January 2021 23:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B25B83A0CB1 for <>; Thu, 28 Jan 2021 15:08:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.349
X-Spam-Status: No, score=-2.349 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id J2J_IJ2KaWBW for <>; Thu, 28 Jan 2021 15:08:04 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 66B0C3A0CC1 for <>; Thu, 28 Jan 2021 15:08:04 -0800 (PST)
Received: by with SMTP id o16so5330442pgg.5 for <>; Thu, 28 Jan 2021 15:08:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=reply-to:from:to:cc:references:in-reply-to:subject:date :organization:message-id:mime-version:content-transfer-encoding :thread-index:content-language; bh=KS/vJ7UaUvxFisx1iZlMWP8JsrXVIAuJTAqmpUdBvXQ=; b=BvLzGzML3OJ0Kf4Rwk94j2cRYwiIvdble4f+0Y83NIgDgE8YHsfMvMWQKxD/We/IfJ wU7qIOFSApVCSseAWQt2+dxWWxSWzzerl43rc5lPM/rYthGpywta/f+J9ICt1Lunw5WN irGIDlGRofeoe78fH8cr8Lr/SOtawOH2LM3t8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:reply-to:from:to:cc:references:in-reply-to :subject:date:organization:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=KS/vJ7UaUvxFisx1iZlMWP8JsrXVIAuJTAqmpUdBvXQ=; b=ewloWGzFUsYFZM6+Xt2roq8DMoTO74SVg8dT6EPn66yXIPD3dUPNNwXmnE0q6yNWBU AgF4WbDnOgxF44yJZ5m8cDOtSm+hWVMA6IvA6KF17ezK2jiW4JrGc9jRI95Sujcrh64m Xjh4kFLui5c/bnIPya1JUkEmwfbtbwUuQjv3N69Eh4HG7R2GHErBe7oUcNVlFJ8CAXdm 2N8bBf5M9Tx6mKBWCflOKqQYTY8vhUTqe14yJtpkHaGdPuSpnZU9XnsqB5MPBfewu+05 K395UVdOxUkKlKaxF6l/dSuXPOSh1/ThuH7yP5YFS6O2tSzMqub3zKbt091/o5PSV83x OfKQ==
X-Gm-Message-State: AOAM5308b+StXBDJpFyy3PQCkxIdybXEj99qZ6m9qTi65Bnp1VMk813I wAPsqVZ/ypt69CHD1BFD1nTLnQVr9zSSWg==
X-Google-Smtp-Source: ABdhPJySrCEufLWj9ULKXBvLJn3sWjGPMc4e/hkKQFiBZgbtg6T4HVp9Cd484I0qgKeaXrKVMKGRbw==
X-Received: by 2002:a63:ca45:: with SMTP id o5mr1673266pgi.48.1611875283073; Thu, 28 Jan 2021 15:08:03 -0800 (PST)
Received: from DESKTOPC435DDQ ( []) by with ESMTPSA id 68sm6374711pfe.33.2021. (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 28 Jan 2021 15:08:02 -0800 (PST)
Reply-To: <>
From: "Ethan Grossman" <>
To: "'Benjamin Kaduk'" <>, "'The IESG'" <>
Cc: <>, <>, <>, "'Lou Berger'" <>
References: <>
In-Reply-To: <>
Date: Thu, 28 Jan 2021 15:07:59 -0800
Organization: Coast Computer Design
Message-ID: <017301d6f5ca$6c9b14f0$45d13ed0$>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQLstPJB0Gg+GEkCWHtcf6fNy+sp9qgSI0Nw
Content-Language: en-us
Archived-At: <>
Subject: Re: [Detnet] Benjamin Kaduk's Discuss on draft-ietf-detnet-security-13: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 Jan 2021 23:08:08 -0000

Hello Benjamin, 
Thank you for your considered review comments. Our dispositions of them are below, inline, prefixed with the individual author's name who addressed them (EAG (me), Tal, or Henrik). If you have any further thoughts on our dispositions or the draft in general, please don't hesitate to let us know. 
Ethan (as Editor, DetNet Security Considerations draft)

-----Original Message-----
From: Benjamin Kaduk via Datatracker <> 
Sent: Thursday, January 7, 2021 7:03 AM
To: The IESG <>
Cc:;;; Lou Berger <>et>;
Subject: Benjamin Kaduk's Discuss on draft-ietf-detnet-security-13: (with DISCUSS and COMMENT)

We say that we adhere to the guidelines of RFC 3552, yet we do not mention that it may be impossible to achieve our goals "in the face of a highly capable adversary, such as the one envisioned by the Internet Threat Model of BCP 72 [RFC3552] that can arbitrarily drop or delay any or all traffic" (to quote from a recent DetNet RFC that does cover this topic, RFC 8939).  I think that in order to fully adhere to RFC 3552, we need to be more explicit about how we have to assume a reduced attacker capability set in order to make any progress at all.  A good place for this discussion would be near where we state that security a DetNet starts with a scrupulously well-designed and well-managed engineered network in Section 1 -- the goal of having the well-managed network is to exclude some of the more powerful adversary capabilities from the Internet Threat Model.

--> EAG added text: 
"Starting with a "well-managed network" as noted above enables us to exclude some of the
 more powerful adversary capabilities from the Internet Threat Model of BCP 72 (<xref
 target="RFC3552"/>), such as the ability to arbitrarily drop or delay any or all traffic.
 Given this reduced attacker capability, we can present security considerations based on
 attacker capabilities that are more directly relevant to a DetNet."
I agree with the secdir reviewer that additional linkage between threats that the potential mitigations for them would be useful, albeit somewhat time-consuming to add.

EAG: We did spend some time on those sections as a result of Yaron's comments; these will be incorporated into the next draft version (14). 

This is much-improved from the last time I looked at it; thank you for continuing to make improvements!  I do still have a sizeable number of comments, though; hopefully they will help to make further improvements.

EAG: Thank you for this contribution, much appreciated. 

I suspect that we would do well to reiterate the theme that has appeared in the security considerations of the several most recent detnet RFCs, along the lines of "achieving the goals of detnet may not be possible in the face of a highly capable adversary, such as the one envisioned by the Internet Threat Model of BCP 72 [RFC3552] that can arbitrarily drop or delay any or all traffic", especially since we say that we otherwise adhere to RFC 3552's guidelines.  A good place for this discussion would be near where we state that security a DetNet starts with a scrupulously well-designed and well-managed engineered network in Section 1 -- the goal of having the well-managed network is to exclude some of the more powerful adversary capabilities from the Internet Threat Model.  We should say that explicitly.

--> EAG (added text as noted above). 

Section 2
   Resource Segmentation Used as a more general form for Network
nit: missing colon

--> EAG OK done. 

Section 3.3
   be protected by using MACsec [IEEE802.1AE-2018].  Similary, from the
   sequence number injection perspective, it is no different from any
   other protocols that use sequence numbers.
Many other protocols that use sequence numbers are in practice vulnerable to sequence number injection.  Having specific references to other protocols that are protected against such injection seems like it would be useful.

--> Henrik: Added reference to RFC4302, IPSec, Authentication Header, Section 3. 

Section 4
  However DetNet
   also introduces timing and other considerations which are not present
   in DiffServ, so the DiffServ security considerations are necessary
   but not sufficient for DetNet.

In my experience, security considerations are typically statements of fact about the properties of a protocol/system, as opposed to requirements for secure operation; in that context it is better to say that the diffserv security considerations are a subset of the detnet security considerations, as opposed to the current "necessary but not sufficient" phrasing.

--> EAG refactored text: 
However, DetNet also introduces timing and other considerations which are not present in DiffServ, so
 the DiffServ security considerations are a subset of the DetNet security considerations.
In DetNet, there are similar consequences to DiffServ for lack of detection of, or incorrect
   handling of, packets with mismarked DSCP values, and many of the
If I understand correctly, the detection/handling in question here is specifically at ingress to the domain?

EAG: Yes, added clarifying text: 
"In this discussion, interpretation (and any possible intentional re-marking)of the DSCP
values of packets destined for DetNet OT flows is expected to occur at the ingress to the
DetNet domain; once inside the domain, maintaining the integrity of the DSCP values is
subject to the same handling considerations as any other field in the packet."
Section 5.1
[I'll note for completeness that I still would prefer this to be called a taxonomy of threats rather than a threat model, but we've had the conversation about how this formulation is analogous to that of RFC 7384 and there's nothing left to say.  No response needed; I'm just recording that we agreed to disagree.]

EAG: We decided to agree with you – I changed it to “taxonomy of threats”. 

   o  Internal vs. external: internal attackers either have access to a
      trusted segment of the network or possess the encryption or
      authentication keys.  External attackers, on the other hand, do
      not have the keys and have access only to the encrypted or
      authenticated traffic.

I think it is common to use "external" to refer to attackers that are entirely outside of a domain and are limited to attmping to send packets into the domain, with no visibility into legitimate traffic inside the domain.  The description here suggests that the boundary between "internal" and 'external" is more of a logical one, perhaps relating to access to physical packets (in encrypted form) vs unprotected packts (as available to internal systems), but perhaps there is intended to also be a "secure network" where the physical packets contain the logical data but are physically inaccessible to the attacker.  Section 5.3 alludes to the existence of some "security mechanism" that provides the boundary between external and internal attackers, but leaves the actual nature of the boundary unclear, for me.
[This looks like it's basically the same as Roman's first discuss point, which I support.]

EAG: – Agree – I already dealt with in Roman's comments. 
   o  On-path vs. off-path: on-path attackers are located in a position
      that allows interception and modification of in-flight protocol
      packets, whereas off-path attackers can only attack by generating
      protocol packets.

We sometimes differentiate between (e.g.) "active" or "passive" on-path attackers, where interception/viewing is done in either form but modification only done in the "active" form.

--> EAG - we don't use the term "passive" so I claim there is no need to include this distinction. 
Section 5.2.3
I don't understand why the section title includes "Resource Segmentation"; the scenario being described seems to discuss risks that are present when resources are *not* properly segmented.  Resource Segmentation by itself should not be a threat in this regard.

Tal: Updated section title and explained that it is a vulnerability that can exploit poor resource segmentation:
   "An attacker can inject traffic that will consume network resources
   such that it affects DetNet flows.  This can be performed using non-
   DetNet traffic that indirectly affects DetNet traffic (hardware
   resource exhaustion), or by using DetNet traffic from one DetNet flow
   that directly affects traffic from different DetNet flows."

I don't understand what is meant by "detnet traffic from one flow that directly affects traffic from different detnet flows".  How might this happen?

Tal: Added text to explain: Might happen due to resources that are partially shared between multiple DetNet flows, which may allow the attacker to exploit that resource by using traffic belonging to the one flow to try to affect the other flow. 

      bridge, the flow is hijacked by the attacker.  It is now posible
      to either replace en route packets with malicious packets, or
      simply injecting errors, causing the packets to be dropped at
      their destination.
nit: s/injecting/inject/

EAG: OK, also edited text: 
Once the flow from the compromised path is favored by the eliminating bridge, the flow has effectively been hijacked by
the attacker. It is now possible for the attacker to either replace en route packets with malicious packets, or to simply inject errors into the packets, causing the packets to be dropped at their destination.
   An attacker can subvert a controller, or enable a compromised
   controller to falsely represent itself as a controller so that the
   network nodes believe it to be authorized to instruct them.

I can't tell if "compromised controller" was a typo that was supposed to refer to some non-controller class of entity, so that the false representation as a controller is a significant change in node capability.

EAG: Adapted text to explain there that we mean either case: 
"An attacker can subvert a legitimate controller (or subvert another component such
that it represents itself as a legitimate controller) with the result that the network
nodes incorrectly believe it is authorized to instruct them."
Section 5.2.6
   A passive eavesdropper can identify DetNet flows and then gather
   information about en route DetNet flows, e.g., the number of DetNet
   flows, their bandwidths, their schedules, or other temporal
   properties.  [...]

I suggest "other temporal or statistical properties" to encompass things like latency and jitter, which are only in some limited sense temporal properties.

EAG: OK, I added that. 

   DetNet flows are typically uniquely identified by their 6-tuple, i.e.
   fields within the IP header, however in some implementations the flow
   ID may also be augmented by additional per-flow attributes known to
   the system, e.g. above the IP-layer.  [...]

pedantically, the ports in the 6-tuple are also above the IP layer.

EAG: Yes, corrected. 

For the purpose of this  document we assume any such additional fields used for flow ID are
   encrypted and/or integrity-protected from external attackers.

I suggest adding a note that existing OT protocols designed for use on dedicated secure networks may not intrinsically provide such protection, in which case IPsec or transport layer security mechanisms may be needed.  (I do see a note on a similar or more generic topic already in §6, but don't think there is harm in having another one.)

--> EAG Added that note.

Section 5.3
How can an off-path attacker perform a delay attack?

Tal: Removed "plus sign" from table for that. 

Section 6
What is the distinction between "Health and Safety" and "People Well Being"?

EAG agree, removed "People Well Being". 

   Safety, People well being (People WB), Affect on a single
   organization, and affect on multiple organizations.  Recovery

nit: s/Affect/Effect/ in both lower and upper case forms (the table, fortunately, is already correct)
EAG: Agree, fixed. 

Why is M2M control listed as only having low impact from data integrity?
I would have thought that integrity of the control plane information would be pretty important.

EAG: Agree, changed to Hi. 

Section 6.1.1
   For a single path scenario, disruption is a real possibility, whereas
   in a multipath scenario, large delays or instabilities in one DetNet
   flow can lead to increased buffer and processor resources at the
   eliminating router.
nit: I think s/resources/resource consumption/

EAG: OK fixed. 

Section 6.2.1
I think it might be more interesting to mention the scope of potential harm when the corrupted or modified payloads are interpreted, rather than just saying that they could be modified.

Tal: Added text to clarify potential impact of this attack. 

Section 6.3.2
I think the primary concern here is that there will be skew between the "reality" in the individual nodes and the expected state known to the controller, such that when the controller attempts to make changes in the future the actual actions will differ.  The specifics of how the initial skew occurs is less interesting, and essentially equivalent to the spoofing case.

Henrik: Added explanation: 
"If an attacker can inject control messages without the central controller knowing, then one or more components in the network may get into a state that is not expected by the controller, and at that point if the controller initiates a command, the effect of that command may not be as expected, since the target of the command may have started from a different initial state."
EAG: Also added new bullet: Can force component into failure state if told to do conflicting actions. 

Section 6.4.x
I think the referenced coverage is perhaps too brief to be useful.

Tal: Added additional details. 

Section 6.8
In the context of this section, we should be talking about the discussion or description of the impact of attacks; how attacks are "addressed" would be analogous to the mitigations that we cover in §7.

Tal: Rephrased, added text with more detailed description. 

Section 7.2
      An integrity protection mechanism is designed to counteract header
      modification attacks where a Message Authentication Code (MAC) is
      the most common.  [...]

nit: the "a MAC is most common" seems to bind to "header modification attacks", not "integrity protection mechanism; I suggest
      An integrity protection mechanism is designed to counteract header
      modification attacks.  A Message Authentication Code (MAC) is
      the most common such mechanism.

EAG and Henrik: Updated 7.2 to address all of these comments.

                        The MAC can be distributed either in-line
      (included in the same packet) or via a side channel.  Due to the
      nature of DetNet traffic.  [...]

nit: incomplete sentence?

EAG and Henrik: Updated 7.2 to address all of these comments.

      replication attacks (see Section 5.2.2 and Section 5.2.4).  This
      MAC usage needs to be part of a security association that is
      established and managed by a security association protocol (such
      as IKEv2 for IPsec security associations).  Integrity protection

BCP 107 might be a good reference here.

EAG and Henrik: Updated 7.2 to address all of these comments.

      sequence numbers are not modifiable.  Thus, sequence numbers can
      be protected by using encryption, or by a MAC without using

I suggest s/encryption/authenticated encryption/; an unqualified "encryption" is easy to interpret as something like a stream or block cipher mode without integrity protection, which is malleable without detection.
      encryption.  Between the adder and remover there may or may not be
      replication and elimination functions.  The elimination functions
      must be able to see the sequence numbers.  Therefore, if
      encryption is done between adders and removers it must not obscure
      the sequence number.  If the sequence removers and the eliminators
      are in the same physical component, it may be possible to obscure
      the sequence number, however that is a layer violation, and is not
      recommended practice.  [...]

EAG and Henrik: Updated 7.2 to address all of these comments.

It would also be technically feasible (but very ill-advised) to share the encryption key with the elimination function and continue to use encrypted sequence numbers.  This is ill-advised because two-party security with a shared symmetric secret provides much stronger peer authentication than group seciryt with a shared symmetric secret.

EAG and Henrik: Updated 7.2 to address all of these comments. 

Section 7.4
I suggest reiterating that it is expected that cryptographic confidentiality protection is applied to traffic; dummy traffic is generally ineffectual when the plaintext is visible to the attacker.

Henrik: Added text to include this. 

Section 7.5
      Note that reconnaissance is a threat that is not specific to
      DetNet flows, and therefore reconnaissance mitigation will
      typically be analyzed and addressed by a network operator
      regardless of whether DetNet flows are deployed.  [...]
nit: I suggest s/addressed/provided/ since "addressed" usually implies that the thing in question is a problem that needs to be mitigated, but we are describing the mitigation itself.

--> EAG agree, fixed. 

Section 7.5.1
   Any compute time which is required for encryption and decryption
   processing ('crypto') must be included in the flow latency
   calculations.  Thus, crypto algorithms used in a DetNet must have
   bounded worst-case execution times, and these values must be used in
   the latency calculations.
(In general, crypto operations should have constant execution times, to avoid side channel leakage.)

EAG: Nice addition, added that info. 

   If crypto keys are to be regenerated over the duration of the flow
   then the time required to accomplish this must be accounted for in
   the latency calculations.
[In contrast to my previous comment, key generation is a cryptographic operation that is frequently not possible to implement in constant time, most notably thoguh not exclusively for RSA key pairs.]

EAG: Very useful info, incorporated it. 

Section 7.7
      Making DPA measurement results available at the right place(s) and
      time(s) to effect timely response can be challenging.  Two
      notification mechanisms that are in general use are Netconf/YANG
      Notifications (e.g.  [RFC5880]) and the proprietary local
      telemetry interfaces provided with components from some vendors.
I think that CoAP Observe (RFC 7641) could also apply to such scenarios, but I don't have enough information to be able to say whether it is "in general use" for this purpose.

EAG: OK, added that reference. 

      Performance analytics can be used to mitigate various attacks,
      including the ones described in Section 5.2.1 (Delay Attack),
      Section 5.2.3 (Resource Segmentation Attack), and Section 5.2.7
      (Time Synchronization Attack).
Mitigate, or just detect?  (May also affect Figure 3.)

EAG: Already fixed as part of Roman review. Leave Fig 3 since definition of “mitigation” does not imply a complete fix for the attack. 

Section 7.8
In my mind the "Replication: increased attack surface" attack included the potential for the replicated data stream to be available (and thus subject to reconnaissance) in more places, in addition to there being more devices relevant to a given flow and susceptible to attack.  In that case, encryption would also be a relevant mitigation, but it is not currently listed as one.

Tal: Added encryption as potential mitigation in the table. 

We list "control message protection" as a potential mitigation for several rows in the table, but I do not see where there is prose discussing what that mitigation entails.

Tal: updated table entry text to be same as body text: "Control and Signaling Message Protection". 

Section 8.1.1
Some subnetwork layers other than ethernet might have additional attacks and impacts that are not relevant to ethernet.  A prominent example would be radio technologies, where the broadcast domain is "anyone with an antenna", though this is probably not the only example of affected subnetwork technology or additional attack/impact.

EAG: At time of writing, we defer deterministic wireless to the Reliable and Available Wireless (RAW) IETF Working Group, so we don’t address such things here. We already make the statement in our text about "for other mediums, other mitigations would have to be implemented to provide analogous protection" - we feel this is sufficient. 

Section 8.1.3
   To mitigate this situation, deployments should provide a method for
   dynamic and secure registration of new components, and (possibly
   manual) deregistration of retired components.  This would avoid the
   situation in which the network must accommodate potentially insecure
   packet flows from unknown components.
[The IETF has specified a number of enrolment and bootstrapping protocols (EST, BRSKI, SZTP, CMC, CMP, etc.), though it's not clear that it's helpful to informatively reference any particular ones, here.]

EAG: Such specific protocols are not unique to DetNet and thus we don't delve further into this topic here (such as providing such references). 

Section 8.1.5
   Please note that although there are no entries in the L2 and L3
   Integration line of the Mapping Between Themes and Attacks table
   Figure 4, this does not imply that there could be no relevant attacks
   related to L2-L3 integration.
Very true -- thank you!

EAG:    ;- ) 

Section 8.1.6
   It may be that such attacks are limited to Internal on-path
   attackers, but other possibilities should be considered.
Why is this listed as "may be"?  What factors influence whether it can or cannot be the case?

EAG: OK, eliminated that sentence. 

Section 8.1.8
   However the handling of IT traffic by the DetNet may not (by design)
   be as resilient to DOS attack, and thus designers must be otherwise
   prepared to mitigate DOS attacks on IT traffic in a DetNet.
I don't think I understand what this is trying to say.  Both for what behavior is "by design" and what designers are expected to do.

EAG: Refactored text: 
"The handling of IT traffic (i.e. traffic which by definition is not guaranteed any
given deterministic service properties) by the DetNet will by definition not be given
the DetNet-specific protections provided to DetNet (resource-reserved) flows. The
implication is that the IT traffic on the DetNet network will necessarily have its own
specific set of product (component or system) requirements for protection against
attacks such as DOS; presumably they will be less stringent than those for OT flows, but
nonetheless component and system designers must employ whatever mitigations will meet
the specified security requirements for IT traffic for the given component or DetNet."
Section 8.1.10
   is made available on the network for best-effort traffic.  However,
   note that security considerations for best-effort traffic on a DetNet
   network is out of scope of the present document, provided that such
   an attack does not affect performance for DetNet OT traffic.
nit: there's no antecedent for "such an attack" that I can see.

EAG looks OK to me, but I refactored as: 
"However, note that security considerations for best-effort traffic
on a DetNet network is out of scope of the present document, provided that any such
attacks on best-effort traffic do not affect performance for DetNet OT traffic."
Section 8.1.13
The usage of 'secure" and "security layer" in this section are pretty vague as to what properties are implied.  Can we be more precise?

EAG refactored as: 
"Deployment of such a component on a DetNet
network that is intended to be highly secure may present an attack surface; thus the
DetNet network operator may need to take specific actions to protect such components,
for example by implementing a secure interface (such as a firewall) to isolate the component
from the threats that may be present in the greater network."
Section 8.1.15
   An attack that takes advantage of flaws (or even normal operation) in
   the device drivers for the various links (through internal knowledge
   of how the individual driver or firmware operates) could take
   proportionately greater advantage of this topology.
I don't really understand what is meant by "proportionately greater advantage of this topology"?  What is being compared to?

EAG: clarified: 
"It is also possible that a large scale DetNet topology containing various kinds of
 links may not be in as common use as other more homogeneous topologies. This situation
 may present more opportunity for attackers to exploit software and/or protocol flaws in
 or between these components, because these components or configurations may not have
 been sufficiently tested for interoperability (in the way they would be as a result of
 broad usage). This may be of particular concern to early adopters of new DetNet
 components or technologies."
Section 8.2
In the table Fig 5: 
Is a delay attack relevant for deterministic flows?
How is a reconnissance attack relevant for low latency?

Tal: Fixed these table entries. 
Section 9.2
   The operation of DetNet over an MPLS network is modeled on the
   operation of multi-segment pseudowires (MS-PW).  Thus for guidance on
   securing the DetNet elements of DetNet over MPLS the reader is
   referred to the MS-PW security mechanisms as defined in [RFC8077],
   [RFC3931], [RFC3985], [RFC6073], and [RFC6478].
I'm not sure I saw which security mechanisms are supposed to be provided by RFC 3985 and/or RFC 6478 (though I only very quickly skimmed through them).

Tal: Reviewed the RFCs and rephrased the text to refer the reader to the Security Considerations sections of these RFCs. 

   Further consideration of protection against dynamic attacks is work
   in progress.  New work on MPLS security may also be applicable, for
   example [I-D.ietf-mpls-opportunistic-encrypt].
I got excited by the draft-ietf-mpls-opportunistic-encrypt reference, but following the link suggests that the draft has been expired for three years.  Is it still appropriate to refer to it as "new work" or "work in progress"?

EAG: Rephrased: 
"Some investigations into protection of MPLS systems against dynamic attacks exist, such
as <xref target="I-D.ietf-mpls-opportunistic-encrypt"/>; perhaps deployment of DetNets
will encourage additional such investigations."
Section 12
Traffic analysis and similar side channels can still cause there to be privacy considerations even when traffic is encrypted.

EAG: added: 
However, note that reconnaissance threats such as traffic analysis and monitoring of
electrical side channels can still cause there to be privacy considerations even when
traffic is encrypted.
=================== END=========================