Re: [Detnet] Secdir last call review of draft-ietf-detnet-bounded-latency-08

Mohammadpour Ehsan <> Wed, 16 February 2022 09:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A92EE3A0CFE for <>; Wed, 16 Feb 2022 01:31:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id F2qwFhzutM7U for <>; Wed, 16 Feb 2022 01:31:14 -0800 (PST)
Received: from ( [IPv6:2001:620:618:1e0:1:80b2:e034:1]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C68BF3A0CDD for <>; Wed, 16 Feb 2022 01:31:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=epfl; t=1645003868; h=From:To:CC:Subject:Date:Message-ID:Content-Type:MIME-Version; bh=PLMuWQVAljlEAXERtG6O7k/+1KUj9TNgdEuyvLwD/GY=; b=mq4C3FEgvVLUUCGxIZN3OJ1z8qX5J44SWQsCxdVO9MIAKq2WQD8BP0GlSWLOzzWSr ji2ipYIfd9S1UJX4xbRlYwQki0wdxp9fRurQSVCUizq3+r1iF1tz2B3IPTv9AYIMF EMjcAfftn43rijp3mTlAnZNx2557+z4zkWZ8EWTo0=
Received: (qmail 7459 invoked by uid 107); 16 Feb 2022 09:31:08 -0000
Received: from (HELO ( (TLS, ECDHE-RSA-AES256-GCM-SHA384 (X25519 curve) cipher) by (AngelmatoPhylax SMTP proxy) with ESMTPS; Wed, 16 Feb 2022 10:31:08 +0100
X-EPFL-Auth: ChiTjig/1nrDVI4nqge2ismk1jUImHrXM36ogFxJSFIlnLHe2XM=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.18; Wed, 16 Feb 2022 10:31:08 +0100
Received: from ([fe80::ddaf:e0cc:a2d6:4aaf]) by ([fe80::ddaf:e0cc:a2d6:4aaf%3]) with mapi id 15.01.2375.018; Wed, 16 Feb 2022 10:31:08 +0100
From: Mohammadpour Ehsan <>
To: Watson Ladd <>
CC: "" <>, "" <>, "" <>, "" <>
Thread-Topic: Secdir last call review of draft-ietf-detnet-bounded-latency-08
Thread-Index: AQHYFkH/2ASreex3aEmk3R9DC2PWFKyV8pMA
Date: Wed, 16 Feb 2022 09:31:08 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US, fr-CH
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_0D2CDDB58BDF484CA154554EDAD1C85Depflch_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Detnet] Secdir last call review of draft-ietf-detnet-bounded-latency-08
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Feb 2022 09:31:19 -0000

Dear Watson,

Thank you very much for your comments. We have modified the “Security Consideration” section; specifically, we added potential attack scenarios on the model presented in the draft. You can find the new version of the draft in:

as well as the difference between the new version and the previous version in:


Ehsan Mohammadpour
PhD candidate at Swiss Federal Institute of Technology (EPFL)
IC IINFCOM, LCA2, INF 011, Station 14, 1015 Lausanne, Switzerland

On 31 Jan 2022, at 02:29, Watson Ladd via Datatracker <<>> wrote:

Reviewer: Watson Ladd
Review result: Has Issues

Dear fellow IETFers,

Alas I'm forced to put down draft-ietf-detnet-bounded-latency as having issues.
The vast majority of the draft is a detailed and readable description of how to
compute the resources required for a particular QoS. But unfortunately the
security concerns section has a paragraph about securing the reservations which
doesn't really seem relevant: it would seem to be relevant to the control plane
that does the reserving. At the same time a discussion of how an attacker might
be able to abuse the models presented in the document is lacking.

This is particularly important given that there can be very unintuitive global
effects from changes made to capacity on one node or link in a network.
Sincerely, Watson