[Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic
"Grossman, Ethan A." <eagros@dolby.com> Thu, 20 December 2018 00:42 UTC
Return-Path: <eagros@dolby.com>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E24B312D7EA for <detnet@ietfa.amsl.com>; Wed, 19 Dec 2018 16:42:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dolby.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eiLhocHi5tRn for <detnet@ietfa.amsl.com>; Wed, 19 Dec 2018 16:42:22 -0800 (PST)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-eopbgr810137.outbound.protection.outlook.com [40.107.81.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09189129AB8 for <detnet@ietf.org>; Wed, 19 Dec 2018 16:42:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dolby.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k3t6WlpJRJIE60S9I0dlHopisNZuKYhGMheTq4mmai4=; b=BZh8PT7rKe0Z3QrFj5IAB8XL6/YWcyKIZuX31ZHG3x1IhcRdLGBZf/sH5UGskJoxWQGutBvr12iGsxMDAxfM1hYWqfxyfB97gkUhk7UR2us8ijnkoD9CaEKdkRpHz/Ejo1tJ7uN8j1isFXPqLhdnNBm6+bNDRgtFAd+t4gErIzM=
Received: from BY1PR0601MB1403.namprd06.prod.outlook.com (10.162.111.157) by BY1PR0601MB1079.namprd06.prod.outlook.com (10.160.195.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1425.22; Thu, 20 Dec 2018 00:42:19 +0000
Received: from BY1PR0601MB1403.namprd06.prod.outlook.com ([fe80::b186:9ea8:15ee:654e]) by BY1PR0601MB1403.namprd06.prod.outlook.com ([fe80::b186:9ea8:15ee:654e%2]) with mapi id 15.20.1446.018; Thu, 20 Dec 2018 00:42:19 +0000
From: "Grossman, Ethan A." <eagros@dolby.com>
To: "detnet@ietf.org" <detnet@ietf.org>
CC: "ekr@rtfm.com" <ekr@rtfm.com>
Thread-Topic: DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic
Thread-Index: AdSX+/sLTp7DPyO1QkG1vyM68OeTlQ==
Date: Thu, 20 Dec 2018 00:42:19 +0000
Message-ID: <BY1PR0601MB1403A041DF88D362261DA127C4BF0@BY1PR0601MB1403.namprd06.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-dg-ref: PG1ldGE+PGF0IG5tPSJib2R5Lmh0bWwiIHA9ImM6XHVzZXJzXGVhZ3Jvc1xhcHBkYXRhXHJvYW1pbmdcMDlkODQ5YjYtMzJkMy00YTQwLTg1ZWUtNmI4NGJhMjllMzViXG1zZ3NcbXNnLTE5ZjAzNzkxLTAzZjAtMTFlOS04MjA5LWFjYmMzMjdhNTFjNlxhbWUtdGVzdFwxOWYwMzc5Mi0wM2YwLTExZTktODIwOS1hY2JjMzI3YTUxYzZib2R5Lmh0bWwiIHN6PSI2MTU3IiB0PSIxMzE4OTc0MDEzODQzMTk0NDYiIGg9IjM5UE9CMnQ4a3pud3M3RGxQR2JSczhFUFZxbz0iIGlkPSIiIGJsPSIwIiBibz0iMSIvPjwvbWV0YT4=
authentication-results: spf=none (sender IP is ) smtp.mailfrom=eagros@dolby.com;
x-originating-ip: [8.39.141.5]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BY1PR0601MB1079; 6:z+tj8xQgZKy0xy4y1nTUILKpxV+S5uGu0BMakZhOLz92MfjGgqeDoiCvPfjsXtfBVjgO2Z0PQ+4zYyOd1C9Jzl5kqJquzcjSvDzyaGqH96du9j9Ff7oTFW+bWBTM/kd1BrHFSd3038dm+peV3oSEp3NolK5F+nihCkoK9F7mtgxIasoE3RqiG4cF+BXGIaqDOBKD+R1vkOp/IqtqM9iRIwt2hTsj7yFrLMsUkD/bm6c64fx/91jtO1gHva4stdRJoEmdRyfg32my3mENkatA+eBGECPLjDZWEFs3fOQC87jlgwbVLHtmF7MzeEvNYlv5mQ7uSAMCo1cBczSsbd8CzrPGOW5Mhm4xrtUuegnLDfGcXiNUBT3mFZCfDTdriYeNjAqIthyo1PNyygVnE57fBPTxBHZgtwgsOdGs3FECwsLNHn0bFOMlS7e2HDrfiKfwVAPN9vbwZpn0wxWtVw37YQ==; 5:+V3Nd5lMdXKAEy84TeNIgN7KkRCKdSaeAKmhsED3C+IDN+HLggTNC8nx2dCGNAf4r0PC2uopu6E0SDdiXUotDFN3N5q26a0iXOBQwmYSqZ+s77zK8HFGcarDSqthiHXRTKa2NGIS4zooL45lHEuFhnJLLLEt3zTvvYoFxK0gXJM=; 7:fkKhoVZE5PWhSh3DgyQjydHf1WRXa+qP94QP2AyUB0TI9rCPrhYackonMRPhqyMgVRIMVpOl1ukvD62JSnGlStQmTO5HCzPJ42PXxgXWxNYBt7TbJwQ1xVD8ajgO9y0f+VpX3ijhlZXvvNg14ZxDzg==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: ee9461d6-01ea-494e-c0e4-08d66613ff5e
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:BY1PR0601MB1079;
x-ms-traffictypediagnostic: BY1PR0601MB1079:
x-microsoft-antispam-prvs: <BY1PR0601MB10792EDD29135D5D38A565B8C4BF0@BY1PR0601MB1079.namprd06.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(3230021)(999002)(5005026)(6040522)(2401047)(8121501046)(3002001)(10201501046)(93006095)(93001095)(3231475)(944501520)(52105112)(149066)(150057)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123564045)(20161123558120)(201708071742011)(7699051)(76991095); SRVR:BY1PR0601MB1079; BCL:0; PCL:0; RULEID:; SRVR:BY1PR0601MB1079;
x-forefront-prvs: 0892FA9A88
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(366004)(136003)(39860400002)(376002)(346002)(199004)(189003)(53754006)(5660300001)(8936002)(7736002)(7696005)(25786009)(55016002)(86362001)(102836004)(6306002)(15650500001)(97736004)(6436002)(9686003)(476003)(6506007)(14444005)(54896002)(256004)(186003)(486006)(2906002)(14454004)(2501003)(105586002)(5640700003)(9326002)(106356001)(2351001)(71200400001)(71190400001)(10710500007)(3846002)(316002)(790700001)(6116002)(2420400007)(4326008)(81156014)(74316002)(1730700003)(81166006)(33656002)(7110500001)(68736007)(53936002)(478600001)(26005)(8676002)(66066001)(99286004)(6916009); DIR:OUT; SFP:1102; SCL:1; SRVR:BY1PR0601MB1079; H:BY1PR0601MB1403.namprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: dolby.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: jTfAbE47yi0yBGngPlpgWTfdecAe92Azd4PKLhRFtLTPAxlzsUe98zYUJSSSXQVfJj8O+bFT5xHdKqTOd5VBT47sOGEWxLT5nwnWvaY9JcQu6lx9lHFRnnVAS8IPkCsbp7H/mHmOW5g4lS1lfK+lMwqwdMS2zpWQ+3Qm3spLDNr8dPeqzzMXPWkrz5bx+8PcMasCxzcYY31UhmGALa9yJUjrJ8I5Bj+AnLtCYxxklRv1t2h3ZMpo4M4/rBn/hDvrrnYTsuDzVQ/dRz481QBwLekPruYEoGdXyMxro+mzvKwhZEG+qOhzIpWtTvMXjXcK
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY1PR0601MB1403A041DF88D362261DA127C4BF0BY1PR0601MB1403_"
MIME-Version: 1.0
X-OriginatorOrg: dolby.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ee9461d6-01ea-494e-c0e4-08d66613ff5e
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Dec 2018 00:42:19.2213 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 05408d25-cd0d-40c8-8962-5462de64a318
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0601MB1079
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/UTwNwXqTkArBkq2ppV5X6aw9O7U>
Subject: [Detnet] DetNet Use Cases comment - time properties of cryptographic algorithms used to verify traffic
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Dec 2018 00:42:25 -0000
Hi All, In going over the remaining IESG review comments, there is this question on Sec 11.5 (Security). I don't think it is worth holding up the Use Cases draft for, but it seems worth a conversation on the list. Text from Section 11.5: > addition to arriving with the data content as intended, the data must > also arrive at the expected time. This may present "new" security > challenges to implementers, and must be addressed accordingly. There > are other security implications, including (but not limited to) the > change in attack surface presented by packet replication and > elimination. Reviewer's Comment: Do these requirements impose new requirements on the cryptographic algorithms used to verify traffic? Ethan's thoughts: Good question, for example do such algorithms have deterministic execution times? Is there a large spread between best- and worst-case execution times? Is this a topic for the Security draft? The Architecture draft? Or is this a more general matter of network (or network silicon) design/implementation/performance, and thus doesn't get covered in DetNet drafts? --------------------------------------------------
- [Detnet] DetNet Use Cases comment - time properti… Grossman, Ethan A.
- Re: [Detnet] DetNet Use Cases comment - time prop… Black, David
- Re: [Detnet] DetNet Use Cases comment - time prop… Pascal Thubert (pthubert)
- Re: [Detnet] DetNet Use Cases comment - time prop… Eric Rescorla
- Re: [Detnet] DetNet Use Cases comment - time prop… Black, David
- Re: [Detnet] DetNet Use Cases comment - time prop… Black, David
- Re: [Detnet] DetNet Use Cases comment - time prop… Pascal Thubert (pthubert)
- Re: [Detnet] DetNet Use Cases comment - time prop… Grossman, Ethan A.
- Re: [Detnet] DetNet Use Cases comment - time prop… Norman Finn