Re: [Detnet] I-D Action: draft-ietf-detnet-security-04.txt
"Grossman, Ethan A." <eagros@dolby.com> Sun, 03 March 2019 01:24 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/9p5iUtRruwQB7dJ7MoVL-MYk0-4>
Hi All,

This update incorporates the discussion from the list regarding timing considerations in the use of Encryption in DetNet networks, plus a few other small items. These are minor changes, so this notice constitutes the status update for the DetNet Security Considerations draft for IETF 104.

Having said that, there has been discussion recently about the degree to which the DetNet Architecture should include specific security expectations for any DetNet system, regardless of the use case for that system. My intent is to convene a side-meeting at IETF 104 on DetNet security topics in general, including this one. If those of you who will be attending have any interest in this, please let me know.

Thanks,
Ethan (as DetNet Security Draft editor)

-----Original Message-----
From: detnet <detnet-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Saturday, March 02, 2019 5:11 PM
To: i-d-announce@ietf.org
Cc: detnet@ietf.org
Subject: [Detnet] I-D Action: draft-ietf-detnet-security-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Deterministic Networking WG of the IETF.

Title    : Deterministic Networking (DetNet) Security Considerations
Authors  : Tal Mizrahi
           Ethan Grossman
           Andrew J. Hacker
           Subir Das
           John Dowdell
           Henrik Austad
           Kevin Stanton
           Norman Finn
Filename : draft-ietf-detnet-security-04.txt
Pages    : 41
Date     : 2019-03-02

Abstract:

A deterministic network is one that can carry data flows for real-time applications with extremely low data loss rates and bounded latency. Deterministic networks have been successfully deployed in real-time operational technology (OT) applications for some years (for example [ARINC664P7]). However, such networks are typically isolated from external access, and thus the security threat from external attackers is low.

IETF Deterministic Networking (DetNet) specifies a set of technologies that enable creation of deterministic networks on IP-based networks of potentially wide area (on the scale of a corporate network) potentially bringing the OT network into contact with Information Technology (IT) traffic and security threats that lie outside of a tightly controlled and bounded area (such as the internals of an aircraft). These DetNet technologies have not previously been deployed together on a wide area IP-based network, and thus can present security considerations that may be new to IP-based wide area network designers. This draft, intended for use by DetNet network designers, provides insight into these security considerations. In addition, this draft collects all security-related statements from the various DetNet drafts (Architecture, Use Cases, etc) into a single location Section 7.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-detnet-security/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-detnet-security-04
https://datatracker.ietf.org/doc/html/draft-ietf-detnet-security-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-detnet-security-04

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
detnet mailing list
detnet@ietf.org
https://www.ietf.org/mailman/listinfo/detnet