Re: [Detnet] Robert Wilton's No Objection on draft-ietf-detnet-security-13: (with COMMENT)
Ethan Grossman <ethan@ieee.org> Mon, 01 February 2021 19:53 UTC
Return-Path: <ethan@ieee.org>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2969D3A1456 for <detnet@ietfa.amsl.com>; Mon, 1 Feb 2021 11:53:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.349
X-Spam-Level:
X-Spam-Status: No, score=-2.349 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ieee.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qYJ5GM5baMYV for <detnet@ietfa.amsl.com>; Mon, 1 Feb 2021 11:53:37 -0800 (PST)
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 332B23A145C for <detnet@ietf.org>; Mon, 1 Feb 2021 11:53:37 -0800 (PST)
Received: by mail-pf1-x436.google.com with SMTP id y205so12320992pfc.5 for <detnet@ietf.org>; Mon, 01 Feb 2021 11:53:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=reply-to:from:to:cc:references:in-reply-to:subject:date :organization:message-id:mime-version:content-transfer-encoding :thread-index:content-language; bh=KZ5z0qgMQ+FKuZbJ1rBk2ho4SU4MRgYgLoNzFNXb3zs=; b=Iqoh9rsxKLEKvKaTU3P0y8OS3tErWYbawKs8NDJCL6DrBKBi82CrRzn/76Vcl8NCZh OFVzWLgGszmdu6myyw/rilHnuR2YrlLiTRRX7hcDA9xDvMLgHpW547l1Kpyf2uh3j4JF ZtYNSKV6/Kp6bNM1ZJab/6FoVGZubc3ZQJcZ0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:from:to:cc:references:in-reply-to :subject:date:organization:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=KZ5z0qgMQ+FKuZbJ1rBk2ho4SU4MRgYgLoNzFNXb3zs=; b=jbCJrj6drdwOrlVkm32JRwe9AA5cPX8HmzEr52MW8ip3rDiCGKbAP07k43Z7Vpbscf zAllwLFEUCve6QeUCgAmCtLV3GVQp2o6dJZerfz92YOrF0R0KC6xVHlc81HqV3NzMZkC 2PwRqJ1bTzUqtX7gerWinUci0hxfpKOWbfpqJicUHhchWuXMqzTA/FW9YtbrJ/vG8ZGX jzd41h9herbbly10GYDKmHbJXyp8IBJ7PnLf41hiUr6BF+1u9U0+Wvjxw0puulxs/jdK 5JgXrsmfH0lAqL0GZ9CKOCBrgimVzpYJypyX799s++6w/OciqtFSfrKZlOOO1U9GalA4 nJtw==
X-Gm-Message-State: AOAM532Ds9e816L/yzwsppJEVcdxbkjVAHAxgMRMvSVzcOoAMnuE+tB3 +wxnAs6InHjfZtl0nGQBhctL+6trW6h9Cg==
X-Google-Smtp-Source: ABdhPJwYebJzB8I38vB7oVHZ16McBvBOt6I7/Ym2O5o24cBFwTMXmaqdPMfK5pcQ6dgb+rKu9YsTtA==
X-Received: by 2002:a63:fe13:: with SMTP id p19mr18525212pgh.119.1612209215951; Mon, 01 Feb 2021 11:53:35 -0800 (PST)
Received: from DESKTOPC435DDQ (99-46-181-151.lightspeed.sntcca.sbcglobal.net. [99.46.181.151]) by smtp.gmail.com with ESMTPSA id 72sm19250261pfw.170.2021.02.01.11.53.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Feb 2021 11:53:34 -0800 (PST)
Reply-To: ethan@ieee.org
From: Ethan Grossman <ethan@ieee.org>
To: 'Robert Wilton' <rwilton@cisco.com>, 'The IESG' <iesg@ietf.org>
Cc: draft-ietf-detnet-security@ietf.org, detnet-chairs@ietf.org, detnet@ietf.org, 'Lou Berger' <lberger@labn.net>
References: <161002586274.24158.18234355864793174101@ietfa.amsl.com>
In-Reply-To: <161002586274.24158.18234355864793174101@ietfa.amsl.com>
Date: Mon, 01 Feb 2021 11:53:32 -0800
Organization: Coast Computer Design
Message-ID: <00ed01d6f8d3$ec27fd80$c477f880$@ieee.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQLGCT+RwoJcohklv5tD9tr1h9MQTqhllGNQ
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/mG4DVRspGVXY0t5247hhM_tofR0>
Subject: Re: [Detnet] Robert Wilton's No Objection on draft-ietf-detnet-security-13: (with COMMENT)
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2021 19:53:46 -0000
Hi Rob, Thank you for your review comments. Our dispositions of them are below, inline, prefixed with the individual author's name who addressed them (EAG (me) or Tal Mizrahi). We expect to publish a draft revision within a few days (14) which will include this new material. If you have any further thoughts on our dispositions or the draft in general, please don't hesitate to let us know. Sincerely, Ethan (as Editor, DetNet Security Considerations draft) -----Original Message----- From: Robert Wilton via Datatracker <noreply@ietf.org> Sent: Thursday, January 7, 2021 5:24 AM To: The IESG <iesg@ietf.org> Cc: draft-ietf-detnet-security@ietf.org; detnet-chairs@ietf.org; detnet@ietf.org; Lou Berger <lberger@labn.net>; lberger@labn.net Subject: Robert Wilton's No Objection on draft-ietf-detnet-security-13: (with COMMENT) Robert Wilton has entered the following ballot position for draft-ietf-detnet-security-13: No Objection ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- -----Original Message----- From: Robert Wilton via Datatracker <noreply@ietf.org> Sent: Thursday, January 7, 2021 5:24 AM To: The IESG <iesg@ietf.org> Cc: draft-ietf-detnet-security@ietf.org; detnet-chairs@ietf.org; detnet@ietf.org; Lou Berger <lberger@labn.net>; lberger@labn.net Subject: Robert Wilton's No Objection on draft-ietf-detnet-security-13: (with COMMENT) ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for this document. Sorry, I've run out time to review this in detail, although I don't immediately see any manageability concerns when I scanned through the document. A few minor comments for your consideration: 1) Perhaps it might be helpful to mention remind that DetNet isn't the same as TSN in the introduction? EAG: Added some text to clarify, including: "Data flows with deterministic properties are well-established for Ethernet networks (see TSN, <xref target="IEEE802.1BA"/>); DetNet brings these capabilities to the IP Network" I don't know if these are already covered, or if they are not valid problems, but I guess a couple of attacks that I would be concerned with are: (2) Overloading the exception path queue on the router. E.g., if any of the DetNet streams require/expect some packets to be punted to the control plane or software data plane for processing (OAM related perhaps), and there is a single queue from the forwarding ASIC to a control plane or software data plane, then it could be possible for Non Detnet flows to overload that shared queue such that punted packets on the DetNet flows would end up being dropped. (2b) Related to (2), if an attacker was able to overload the router or linecard CPU, e.g., through excessive management API requests, then it may be plausible that it could also cause control plane processing of packets to be dropped, or slowed down. (2c) If the control plane is being managed by a separate controller than presumably both (2) and (2b) could equally apply to getting traffic to a controller, or processing events on the controller. Tal: Added a slightly modified version of this text to Sec 5.2.3: <t>A specific example of a resource segmentation attack is by overloading the control plane of the DetNet node, e.g., by overloading the exception path queue on the router. Thus, if any of the DetNet streams require or expect some packets to be punted to the control plane or software data plane for processing, and there is a single queue from the forwarding ASIC to a control plane or software data plane, then it could be possible for non-DetNet flows to overload that shared queue such that punted packets on the DetNet flows would end up being dropped. It should be noted that various attacks directed at the control plane (either the CPU of the DetNet node or a network controller) can be used to compromise the network, but this document focuses on threats that are specific to deterministic networks.</t> (3) Is there any potential issue with traffic being carried over L2 load balanced links (e.g. LAG, Link Aggregation) that apply statistical QoS. E.g., by crafting traffic on a non DetNet flow that overloads one LAG member but doesn't overload the statistical QoS guarantees. Perhaps this is outside the considerations for DetNet, or already covered by TSN. EAG: This is indeed a valid concern; we have already addressed this in section 3.2. I'll leave it to the authors to determine whether any of these are valid and require further text, or if they are either already sufficiently covered, out of scope, or not valid concerns. Regards, Rob ========== END ===============
- [Detnet] Robert Wilton's No Objection on draft-ie… Robert Wilton via Datatracker
- Re: [Detnet] Robert Wilton's No Objection on draf… Ethan Grossman