Re: [Detnet] I-D Action: draft-ietf-detnet-security-13.txt

Ethan Grossman <ethan@ieee.org> Sat, 12 December 2020 00:00 UTC

Reply-To: ethan@ieee.org
From: Ethan Grossman <ethan@ieee.org>
To: detnet@ietf.org
Cc: tal.mizrahi.phd@gmail.com, henrik@austad.us, housley@vigilsec.com, 'Yaron Sheffer' <yaronf.ietf@gmail.com>, detnet-chairs@ietf.org, db3546@att.com
References: <160773019855.16280.13676173127624172336@ietfa.amsl.com>
In-Reply-To: <160773019855.16280.13676173127624172336@ietfa.amsl.com>
Date: Fri, 11 Dec 2020 16:00:26 -0800
Organization: Coast Computer Design
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/cmK3SYWGwZxV1n_TeJCkBYoXdpo>

Hi All,
This v13 incorporates all of the review comments from Russ Housley (genart)
and almost all of the comments from Yaron Sheffer (secdir). The one
remaining comment from Yaron ("please provide additional specifics on the
mitigations presented") is partly addressed in v13 but additional work is
planned for v14. 
As far as I know, there are no other open comments - if anyone knows of
anything I missed, please let me know. 
As always, any additional comments or suggestions are welcome. 
Best,
Ethan (as DetNet Security draft editor and co-author)

-----Original Message-----
From: detnet <detnet-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Friday, December 11, 2020 3:43 PM
To: i-d-announce@ietf.org
Cc: detnet@ietf.org
Subject: [Detnet] I-D Action: draft-ietf-detnet-security-13.txt


A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Deterministic Networking WG of the IETF.

        Title           : Deterministic Networking (DetNet) Security Considerations
        Authors         : Ethan Grossman
                          Tal Mizrahi
                          Andrew J. Hacker
        Filename        : draft-ietf-detnet-security-13.txt
        Pages           : 52
        Date            : 2020-12-11

Abstract:
   A DetNet (deterministic network) provides specific performance
   guarantees to its data flows, such as extremely low data loss rates
   and bounded latency (including bounded latency variation, i.e.
   "jitter").  As a result, securing a DetNet requires that in addition
   to the best practice security measures taken for any mission-critical
   network, additional security measures may be needed to secure the
   intended operation of these novel service properties.

   This document addresses DetNet-specific security considerations from
   the perspectives of both the DetNet system-level designer and
   component designer.  System considerations include a threat model,
   taxonomy of relevant attacks, and associations of threats versus use
   cases and service properties.  Component-level considerations include
   ingress filtering and packet arrival time violation detection.

   This document also addresses security considerations specific to the
   IP and MPLS data plane technologies, thereby complementing the
   Security Considerations sections of those documents.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-detnet-security/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-detnet-security-13
https://datatracker.ietf.org/doc/html/draft-ietf-detnet-security-13

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-detnet-security-13


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

