[Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-ip-preof-08

Catherine Meadows via Datatracker <noreply@ietf.org> Tue, 19 December 2023 21:48 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/ajm1u7T0rlppXN4jFnZ-_cbdENA>

Reviewer: Catherine Meadows
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
comments.

This document presents BGP constructs that may be used to implement certain
types of network segmentation.

This document describes how sequencing information can be encoded in the IP
header to be used to support the addition of Packet Replication, Elimination,
and Ordering Functions (PREOF) to Deterministic Networking (DetNet) IP. The
PREOF service protection method relies on copies of the same packet being sent
over multiple maximally disjoint paths and uses sequencing information to
eliminate duplicates. PREOF has already been implemented for MPLS, and the IP
solution is derived from that. This document describes how to derive the needed
sequencing information from the IP header. In particular it describes what
information MUST and MAY be included in the header fields so that the sequence
information may be derived.

I agree with the draft’s security considerations section, which says that no
new security considerations are introduced.  The procedure is based on a
similar solution for MPLS, and so the MPLS security considerations apply.

A nit:

1. A possible implementation of POF function
should be
A possible implementation of the POF function
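The review above summarizes the PREOF mechanism in prose only. The following is an added example, not code from the draft, the DetNet working group, or the reviewer: a small Python model of the replication, elimination and ordering steps driven by a per-packet sequence number. The 28-bit sequence-number width, the history-window and reorder-buffer sizes, and the packet representation are assumptions chosen for illustration; the point it demonstrates is the two things a practitioner has to get right in any elimination function, namely modular comparison across sequence-number wraparound and a bounded history window, so that a stale or replayed copy that falls outside the window is dropped rather than accepted as new or tracked forever.

```python
"""Added illustration of DetNet PREOF sequence handling (not the draft's code).

Assumptions (not taken from the reviewed draft):
  * sequence numbers are 28-bit unsigned and wrap modulo 2**28
  * the elimination function remembers a bounded history window
  * the ordering function holds at most MAX_BUFFER packets before giving up
    on a gap and releasing what it has
"""

SEQ_BITS = 28            # assumed width of the sequence number field
SEQ_MOD = 1 << SEQ_BITS


def seq_diff(a, b):
    """Signed modular distance a - b, so that 0 is 'one ahead of' SEQ_MOD-1."""
    d = (a - b) % SEQ_MOD
    return d if d < SEQ_MOD // 2 else d - SEQ_MOD


def replicate(seq, n_paths):
    """Replication function: one copy of the sequence number per disjoint path."""
    return [(seq, path) for path in range(n_paths)]


class PacketEliminationFunction:
    """Accepts the first copy of each sequence number inside a history window.

    Copies older than `history` behind the newest accepted number are dropped:
    the function cannot tell a late duplicate from a replayed stale packet, and
    tracking them would let the `seen` set grow without bound.
    """

    def __init__(self, history=64):
        self.history = history      # assumed window size
        self.latest = None          # newest sequence number accepted so far
        self.seen = set()           # accepted numbers still inside the window

    def accept(self, seq):
        if self.latest is None:
            self.latest = seq
            self.seen = {seq}
            return True
        d = seq_diff(seq, self.latest)
        if d > 0:
            # Newer than anything seen: advance the window and forget what fell out.
            self.latest = seq
            self.seen = {s for s in self.seen
                         if -self.history < seq_diff(s, seq) <= 0}
            self.seen.add(seq)
            return True
        if d <= -self.history:
            return False            # outside the window: stale or replayed, drop
        if seq in self.seen:
            return False            # duplicate from another path, drop
        self.seen.add(seq)          # late but in-window first copy
        return True


class PacketOrderingFunction:
    """Releases accepted packets in sequence order, buffering out-of-order ones."""

    def __init__(self, max_buffer=8):
        self.max_buffer = max_buffer  # assumed reorder buffer size
        self.next = None              # next sequence number expected
        self.buffered = set()

    def _drain(self, out):
        while self.next in self.buffered:
            self.buffered.remove(self.next)
            out.append(self.next)
            self.next = (self.next + 1) % SEQ_MOD

    def push(self, seq):
        out = []
        if self.next is None:
            self.next = seq
        if seq_diff(seq, self.next) < 0:
            return out                # already released; nothing to do
        self.buffered.add(seq)
        self._drain(out)
        if len(self.buffered) > self.max_buffer:
            # Gap is not closing: skip ahead to the lowest buffered number.
            self.next = min(self.buffered, key=lambda s: seq_diff(s, self.next))
            self._drain(out)
        return out


def run_preof(arrivals, history=64, max_buffer=8):
    """Feed merged arrivals (sequence numbers as seen after both paths) through
    elimination then ordering. Returns (accepted, delivered)."""
    pef = PacketEliminationFunction(history)
    pof = PacketOrderingFunction(max_buffer)
    accepted, delivered = [], []
    for seq in arrivals:
        if pef.accept(seq):
            accepted.append(seq)
            delivered.extend(pof.push(seq))
    return accepted, delivered


if __name__ == "__main__":
    # Constructed arrival order: duplicates, a wrap from 2**28-1 to 0, reordering.
    m = SEQ_MOD
    print(run_preof([m - 2, m - 2, m - 1, 0, 1, 0, 3, 2]))
```

The merged arrival list in the demo stands in for what the eliminating node would see from two replicated paths after `replicate()`; the interesting cases are the wrap from `SEQ_MOD-1` to `0` (handled by `seq_diff`), the second copy of `0` (dropped by the window), and `3` arriving before `2` (buffered by the ordering function until `2` arrives).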