Re: [Detnet] Alissa Cooper's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)
Greg Mirsky <gregimirsky@gmail.com> Wed, 17 April 2019 01:29 UTC
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 16 Apr 2019 18:29:10 -0700
To: Alissa Cooper <alissa@cooperw.in>
Cc: János Farkas <janos.farkas@ericsson.com>, draft-ietf-detnet-architecture@ietf.org, DetNet WG <detnet@ietf.org>, Lou Berger <lberger@labn.net>, IESG <iesg@ietf.org>, DetNet Chairs <detnet-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/pvQ_rrObh4XFHqBRTJoV6Sf6ez0>
Hi Alissa,

I agree with your observation that the reporting of the location of replication, duplicate elimination and the order preservation functions within a DetNet domain presents a new security concern and may be a threat to the privacy of data. To address your concern, may I propose the following text:

    To protect against unauthorized sources trying to obtain DetNet network information, e.g., location of replication, elimination, or packet order preservation functions, it is RECOMMENDED that DetNet implementations provide a means of checking the source addresses of queries against an access list before accepting them.

We'll have a more detailed analysis of the new security threats possibly resulting from DetNet-specific OAM functions in the DetNet OAM draft <https://datatracker.ietf.org/doc/draft-mirsky-detnet-oam/>.

Best regards,
Greg

On Fri, Apr 12, 2019 at 10:08 AM Alissa Cooper <alissa@cooperw.in> wrote:

> Hi János,
>
> On Mar 25, 2019, at 12:16 PM, János Farkas <janos.farkas@ericsson.com>
> wrote:
>
> Hi Alissa,
>
> We believe that we have addressed your comments in the most recent
> revision: https://tools.ietf.org/html/draft-ietf-detnet-architecture-12
> (https://mailarchive.ietf.org/arch/msg/detnet/utVL9ZVGcOeGtRIASRFx5WT_ErM)
>
> Please let us know what else you would like to see done before you clear
> your DISCUSS.
>
> I/we would be happy to meet with you this week if there is anything you
> would like to discuss.
>
> Regards,
> Janos
>
> On 2/26/2019 2:20 PM, János Farkas wrote:
>
> Hi Alissa,
>
> Thank you for your review!
>
> We can replace
> "DetNet is provides a Quality of Service (QoS), and as such, does not
> directly raise any new privacy considerations."
> with
> "DetNet provides a Quality of Service (QoS), and as such, is not expected
> to directly raise any new privacy considerations."
>
> I don’t understand why this is not expected. From what I can tell, the
> architecture allows for the use of domain- or app-flow-specific IDs. These
> seem like a new potential vector for tracking, and one that not every QoS
> architecture requires.
>
> This edit also doesn’t seem to cover the potential for additional privacy
> exposure implied by the discussion of OAM in Section 4.1.1:
>
> "OAM can involve specific tagging added in the packets for tracing
> implementation or network configuration errors; traceability enables
> to find whether a packet is a replica, which DetNet relay node
> performed the replication, and which segment was intended for the
> replica. Active and hybrid OAM methods require additional bandwidth
> to perform fault management and performance monitoring of the DetNet
> domain. OAM may, for instance, generate special test probes or add
> OAM information into the data packet."
>
> Thanks,
>
> Alissa
>
> I'm not sure what "references to new flow IDs and OAM tags should be
> removed"?
>
> Could you point to the text that should be changed?
>
> Thank you!
> Janos
>
> On 2/20/2019 4:39 PM, Lou Berger wrote:
>
> On 2/20/2019 10:25 AM, Alissa Cooper wrote:
>
> On Feb 20, 2019, at 7:17 AM, Lou Berger <lberger@labn.net> wrote:
>
> Hi Alissa,
>
> Thanks for the comments - see below.
>
> On 2/20/2019 9:54 AM, Alissa Cooper wrote:
>
> Alissa Cooper has entered the following ballot position for
> draft-ietf-detnet-architecture-11: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-detnet-architecture/
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> = Section 6 =
>
> "DetNet is provides a Quality of Service (QoS), and as such, does not
> directly raise any new privacy considerations."
>
> This seems like a false statement given the possibility that DetNet may
> require novel flow IDs and OAM tags that create additional identification
> and correlation risk beyond existing fields used to support QoS today.
>
> Based on the other work in the WG, I think "is not expected" is more
> accurate than "does not". This is based on the WG solutions for the DetNet
> data plane using existing IP (v4 or 6) headers or MPLS labels for flow
> identification.
>
> If that is the case then the references to new flow IDs and OAM tags
> should be removed from the architecture.
>
> sounds reasonable. Can you point to the specific offending text?
>
> Thanks,
>
> Lou
>
> Would changing to "is not expected" address your concern?
>
> Combined with the above removals, that would work for me.
>
> Thanks,
> Alissa
>
> Thanks,
>
> Lou
>
> _______________________________________________
> detnet mailing list
> detnet@ietf.org
> https://www.ietf.org/mailman/listinfo/detnet
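
The text proposed at the top of this message recommends checking the source address of a query against an access list before accepting it. One way such a check could look is sketched below as an added example; it is not code from the draft, the thread, or any DetNet implementation, and the names `QueryAcl`, `handle_query`, the node names and the prefixes are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: where each DetNet function sits (hypothetical node names).
FUNCTION_LOCATIONS = {
    "replication": "relay-node-A",
    "elimination": "relay-node-C",
    "ordering": "edge-node-D",
}


class QueryAcl:
    """Default-deny access list keyed on the source address of a query."""

    def __init__(self, allowed_prefixes):
        # strict=True rejects prefixes with host bits set, e.g. "192.0.2.5/28",
        # so a typo in the access list fails at load time instead of being
        # silently rounded to a different range.
        self._nets = [ipaddress.ip_network(p, strict=True) for p in allowed_prefixes]

    def permits(self, src):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return False  # unparseable source: refuse
        # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; match
        # those against the IPv4 entries.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        return any(addr.version == n.version and addr in n for n in self._nets)


def handle_query(acl, src, function):
    """Answer a location query only after the source address passes the ACL."""
    if not acl.permits(src):
        # Same answer for every refused source, so a refusal reveals nothing
        # about which functions exist or where they are.
        return {"status": "refused"}
    if function not in FUNCTION_LOCATIONS:
        return {"status": "unknown-function"}
    return {"status": "ok", "node": FUNCTION_LOCATIONS[function]}


# Constructed access list: one management prefix per address family.
ACL = QueryAcl(["192.0.2.0/28", "2001:db8:0:1::/64"])
```
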