IETF Logo Mail Archive

Re: [Detnet] Alissa Cooper's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)

Greg Mirsky <gregimirsky@gmail.com> Wed, 17 April 2019 01:29 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 569B112009A; Tue, 16 Apr 2019 18:29:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LDiBJ8RjQijk; Tue, 16 Apr 2019 18:29:23 -0700 (PDT)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90742120088; Tue, 16 Apr 2019 18:29:22 -0700 (PDT)
Received: by mail-lj1-x236.google.com with SMTP id f23so20879111ljc.0; Tue, 16 Apr 2019 18:29:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0bPfgkPsgartXtU7vGNXT6SqN/8hE0J9/h0Um19Yx+0=; b=anW2U4F39PD68l/OmYh78yBYCeoPAgp++d6ft1ZhgcXFk7ZH64Hx2b25UmTkY9MrKb 8NDmgf6P08ATkRmGIqgHn7dM/zGPGX0I9E5bL0zz9u7th+n0xc/FJhfQJQ/zusSWkXYy f3uA2oX3Ezil+NZ00vKTTRuOS93UuPWgZcFoFjVbsX7J5CUPBQSoUD+8gnIvo+KxAshV LX5byY1zQE3F9/mXoEy0nFmp469fLaFMS/Oy3dPkCWf1Zb9lKLedN7p5dbLiuuypqXdc cBUhigsCF+gBcjcEwTzH2XNewsfIm/pcPWVBp55/ukRv181WILZzy4/tvWXAbjF9dapO +TCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0bPfgkPsgartXtU7vGNXT6SqN/8hE0J9/h0Um19Yx+0=; b=TA3J4JV1957V8Mxne0bnCiwerrjod48yVbGU6hXbUh69z3KPXH2crp16KSYTbg9EPk ZhqrE2W7yS4PtT4187WoiqHn7P/D8z8NKnJSVMFs4r64bGvvEJVmyhXNEIRk5rcGgSwu g0t3Isgik9Fx5EJAARzWQckZwpcapxV9ehFWGakt8+5g5NXwqPIyqHw2G3VQHon/7LPR hhRmuki9ucXRc8g74bAEYeoYtT7OtNaxtN3h/fF0j5QaSPgKMNLtvKnLEtUp2qlNlb4Y 3PY3kJERtaYqmLbx7zX7vYMvpKZ0MR5JuWHJqmVl3xvpFiSxfuItc07h5v+NI/3R6gix UcYA==
X-Gm-Message-State: APjAAAXH+OKwIUJMhHwPxvldhfUVGRW9V+1YGYCV34exsWxK1G9rZu8i spW5QqSGXqZ7eTnq4dbUSIswRq23MZB/CGGPLCk=
X-Google-Smtp-Source: APXvYqxlomDpQrr7TQdn67lVqaOk1rPDXO4ydV6+XNexC1lgF+dYDOveYMX4ABuVQyjuiHYKTYilRHAnbyH6Mb8Mdk8=
X-Received: by 2002:a2e:542:: with SMTP id 63mr48050929ljf.144.1555464560532; Tue, 16 Apr 2019 18:29:20 -0700 (PDT)
MIME-Version: 1.0
References: <155067447797.31337.768983002923056061.idtracker@ietfa.amsl.com> <40b28261-5f04-7fcd-4f4f-ce243f32a808@labn.net> <1AA376D8-DE94-4FAF-B9D2-CC4E155CEC85@cooperw.in> <ec41b988-8f3c-4ae0-fc65-1269bf33f93e@labn.net> <b1c6345f-d3f1-735c-04cd-81c5a405ef11@ericsson.com> <0f7e2d9a-bf74-b5ea-6898-29ad2129a0c0@ericsson.com> <CCCB305C-257F-4436-8C6C-CAEBD2137B9D@cooperw.in>
In-Reply-To: <CCCB305C-257F-4436-8C6C-CAEBD2137B9D@cooperw.in>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 16 Apr 2019 18:29:10 -0700
Message-ID: <CA+RyBmWe-UT5fujK3y=C3HQGum=Cp338JueUFyNrdbMF0ZJhRA@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: János Farkas <janos.farkas@ericsson.com>, draft-ietf-detnet-architecture@ietf.org, DetNet WG <detnet@ietf.org>, Lou Berger <lberger@labn.net>, IESG <iesg@ietf.org>, DetNet Chairs <detnet-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000975fd50586afd0df"
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/pvQ_rrObh4XFHqBRTJoV6Sf6ez0>
Subject: Re: [Detnet] Alissa Cooper's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2019 01:29:43 -0000

Hi Alisa,
I agree with your observation that the reporting of the location of
replication, duplicate elimination and the order preservation functions
within a DetNet domain presents the new security concern and may be the
threat to the privacy of data. To address your concern, may I propose the
following text:
   To protect against unauthorized sources trying to obtain DetNet network
information,
   e.g., location of replication, elimination, or packet order preservation
functions,
   it is RECOMMENDED that DetNet implementations provide a means
   of checking the source addresses of queries against an access list
before accepting
   them.

We'll have a more detailed analysis of the new security threats possible
resulting from specific to DetNet OAM functions in the DetNet OAM draft
<https://datatracker.ietf.org/doc/draft-mirsky-detnet-oam/>.

Best regards,
Greg

On Fri, Apr 12, 2019 at 10:08 AM Alissa Cooper <alissa@cooperw.in> wrote:

> Hi János,
>
>
> On Mar 25, 2019, at 12:16 PM, János Farkas <janos.farkas@ericsson.com>
> wrote:
>
> Hi Alissa,
>
> We believe that we have addressed your comments in the most recent
> revision: https://tools.ietf.org/html/draft-ietf-detnet-architecture-12. (
> https://mailarchive.ietf.org/arch/msg/detnet/utVL9ZVGcOeGtRIASRFx5WT_ErM)
>
> Please let us know what else you would like to see done before you clear
> your DISCUSS.
>
> I/we would be happy to meet with you this week if there is anything you
> would like to discuss.
>
> Regards,
> Janos
>
>
> On 2/26/2019 2:20 PM, János Farkas wrote:
>
> Hi Alissa,
>
> Thank you for your review!
>
> We can replace
> "DetNet is provides a Quality of Service (QoS), and as such, does not
>    directly raise any new privacy considerations."
> with
> "DetNet provides a Quality of Service (QoS), and as such, is not expected
> to
>    directly raise any new privacy considerations.”
>
>
> I don’t understand why this is not expected. From what I can tell, the
> architecture allows for the use off domain- or app-flow-specific IDs. These
> seem like a new potential vector for tracking, and one that not every QoS
> architecture requires.
>
> This edit also doesn’t seem to cover the potential for additional privacy
> exposure implied by the discussion of OAM in Section 4.1.1:
>
> "OAM can involve specific tagging added in the packets for tracing
> implementation or
>
>    network configuration errors; traceability enables to find whether a
>    packet is a replica, which DetNet relay node performed the
>    replication, and which segment was intended for the replica.  Active
>    and hybrid OAM methods require additional bandwidth to perform fault
>    management and performance monitoring of the DetNet domain.  OAM may,
>    for instance, generate special test probes or add OAM information
>    into the data packet.”
>
>
> Thanks,
>
> Alissa
>
>
>
>
> I'm not sure what "references to new flow IDs and OAM tags should be
> removed"?
>
> Could you point to the text that should be changed?
>
> Thank you!
> Janos
>
>
> On 2/20/2019 4:39 PM, Lou Berger wrote:
>
>
> On 2/20/2019 10:25 AM, Alissa Cooper wrote:
>
>
>
> On Feb 20, 2019, at 7:17 AM, Lou Berger <lberger@labn.net> wrote:
>
> Hi Alissa,
>
> Thanks for the comments - see below.
>
> On 2/20/2019 9:54 AM, Alissa Cooper wrote:
>
> Alissa Cooper has entered the following ballot position for
> draft-ietf-detnet-architecture-11: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-detnet-architecture/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> = Section 6 =
>
> "DetNet is provides a Quality of Service (QoS), and as such, does not
>    directly raise any new privacy considerations."
>
> This seems like a false statement given the possibility that DetNet may
> require
> novel flow IDs and OAM tags that create additional identification and
> correlation risk beyond existing fields used to support QoS today.
>
>
> Based on the other work in the WG, I think "is not expected" is more
> accurate than "does not". This is based on the WG solutions for the DetNet
> data plane using existing IP (v4 or 6) headers or MPLS labels for flow
> identification.
>
>
> If that is the case then the references to new flow IDs and OAM tags
> should be removed from the architecture.
>
> sounds reasonable.  Can you point to the specific offending text?
>
> Thanks,
>
> Lou
>
>
>
> Would changing to "is not expected" address your concern?
>
>
> Combined with the above removals, that would work for me.
>
> Thanks,
> Alissa
>
>
> Thanks,
>
> Lou
>
>
>
> _______________________________________________
> detnet mailing listdetnet@ietf.orghttps://www.ietf.org/mailman/listinfo/detnet
>
>
>
>
> _______________________________________________
> detnet mailing list
> detnet@ietf.org
> https://www.ietf.org/mailman/listinfo/detnet
>

v2.23.0 | Report a Bug | By Email