Re: [Detnet] Roman Danyliw's No Objection on draft-ietf-detnet-oam-framework-10: (with COMMENT)

Greg Mirsky <gregimirsky@gmail.com> Wed, 03 January 2024 23:40 UTC

From: Greg Mirsky <gregimirsky@gmail.com>
Date: Wed, 03 Jan 2024 15:39:48 -0800
Message-ID: <CA+RyBmXpiZ_3k10TJHq-KJaqLziUfrcUvGhk3k0-nV9LaVVT8g@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-detnet-oam-framework@ietf.org, detnet-chairs@ietf.org, detnet@ietf.org, lberger@labn.net
Content-Type: multipart/alternative; boundary="0000000000001a8b2f060e132286"
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/_j57AMaviPPoHeNJ5tBpokMeGiQ>
Subject: Re: [Detnet] Roman Danyliw's No Objection on draft-ietf-detnet-oam-framework-10: (with COMMENT)

Hi Roman,
thank you for your comments helping to improve the document. Please find my
notes below tagged by GIM>>.

Regards,
Greg

On Wed, Jan 3, 2024 at 1:04 PM Roman Danyliw via Datatracker <
noreply@ietf.org> wrote:

> Roman Danyliw has entered the following ballot position for
> draft-ietf-detnet-oam-framework-10: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-detnet-oam-framework/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> ** Section 2.
>    Many legacy OAM tools can be used in DetNet networks, but they are
>    not able to cover all the aspects of deterministic networking.
>
> What is a legacy tool?
>
GIM>> Yes, it is awkward. I propose the following re-wording of the
paragraph:
OLD TEXT:
   Many legacy OAM tools can be used in DetNet networks, but they are
   not able to cover all the aspects of deterministic networking.
   Fulfilling strict guarantees is essential for DetNet flows, resulting
   in new DetNet-specific functionalities that must be covered with OAM.
   Filling these gaps is inevitable and needs accurate consideration of
   DetNet specifics.  Similar to DetNet flows themselves, their OAM
   needs careful end-to-end engineering as well.
NEW TEXT:
   Most of the existing OAM tools can be used in DetNet networks, but
   they can only cover some aspects of deterministic networking.
   Fulfilling strict guarantees is essential for DetNet flows, resulting
   in new DetNet-specific functionalities that must be covered with OAM.
   Filling these gaps is inevitable and needs accurate consideration of
   DetNet specifics.  Similar to DetNet flows, their OAM also needs
   careful end-to-end engineering.

>
> ** Section 2.
>
>    For example, appropriate placing of MEPs along the path of a DetNet
>    flow is not always a trivial task and may require proper design,
>    together with the design of the service component of a given DetNet
>    flow.
>
> Agreed.  However, it seems to me that there is a missing sentence explicitly
> linking OAM to placing these MEPs.
>
GIM>> I see the process of placing MEPs, i.e., configuring MEPs on
particular interfaces of a DetNet node, being a part of the overall process
of OAM configuration that includes the configuration of OAM protocols. Is
that the linking that you suggest to clarify in the text?

>
> ** Section 8.  This section seems to be missing a mention that OAM mechanisms
> could be tampered with depending on their construction and that some OAM tools
> are dual-use, potentially enabling reconnaissance by an attacker.  These and
> other topics are covered in the Security Considerations of RFC7276.
>
GIM>> Thank you for the reference, added the following sentence:
NEW TEXT:
   Furthermore, the analysis of OAM security concerns in
   Section 6 of [RFC7276] also applies to DetNet OAM, including the use
   of OAM for network reconnaissance.

>
> ** Section 9.  The GENART reviewer (Mallory Knodel) also notes that OAM
> mechanisms can be used as the further basis of reconnaissance by fingerprinting
> their features.
>
GIM>> Would the new sentence in Section 8 be sufficient to cover that
concern?