Re: [Detnet] I-D Action: draft-ietf-detnet-security-13.txt
Ethan Grossman <ethan@ieee.org> Sat, 12 December 2020 00:00 UTC
Reply-To: ethan@ieee.org
From: Ethan Grossman <ethan@ieee.org>
To: detnet@ietf.org
Cc: tal.mizrahi.phd@gmail.com, henrik@austad.us, housley@vigilsec.com, 'Yaron Sheffer' <yaronf.ietf@gmail.com>, detnet-chairs@ietf.org, db3546@att.com
Date: Fri, 11 Dec 2020 16:00:26 -0800
Organization: Coast Computer Design
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/cmK3SYWGwZxV1n_TeJCkBYoXdpo>

Hi All,

This v13 incorporates all of the review comments from Russ Housley (genart) and almost all of the comments from Yaron Sheffer (secdir). The one remaining comment from Yaron ("please provide additional specifics on the mitigations presented") is partly addressed in v13 but additional work is planned for v14.

As far as I know, there are no other open comments - if anyone knows of anything I missed, please let me know.

As always, any additional comments or suggestions are welcome.

Best,
Ethan (as DetNet Security draft editor and co-author)

-----Original Message-----
From: detnet <detnet-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Friday, December 11, 2020 3:43 PM
To: i-d-announce@ietf.org
Cc: detnet@ietf.org
Subject: [Detnet] I-D Action: draft-ietf-detnet-security-13.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Deterministic Networking WG of the IETF.

        Title           : Deterministic Networking (DetNet) Security Considerations
        Authors         : Ethan Grossman
                          Tal Mizrahi
                          Andrew J. Hacker
        Filename        : draft-ietf-detnet-security-13.txt
        Pages           : 52
        Date            : 2020-12-11

Abstract:
   A DetNet (deterministic network) provides specific performance guarantees to its data flows, such as extremely low data loss rates and bounded latency (including bounded latency variation, i.e. "jitter"). As a result, securing a DetNet requires that in addition to the best practice security measures taken for any mission-critical network, additional security measures may be needed to secure the intended operation of these novel service properties.

   This document addresses DetNet-specific security considerations from the perspectives of both the DetNet system-level designer and component designer. System considerations include a threat model, taxonomy of relevant attacks, and associations of threats versus use cases and service properties. Component-level considerations include ingress filtering and packet arrival time violation detection.

   This document also addresses security considerations specific to the IP and MPLS data plane technologies, thereby complementing the Security Considerations sections of those documents.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-detnet-security/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-detnet-security-13
https://datatracker.ietf.org/doc/html/draft-ietf-detnet-security-13

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-detnet-security-13

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
detnet mailing list
detnet@ietf.org
https://www.ietf.org/mailman/listinfo/detnet