[Detnet] Roman Danyliw's No Objection on draft-ietf-detnet-flow-information-model-13: (with COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 16 December 2020 18:26 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: detnet@ietf.org
Delivered-To: detnet@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 057743A0AD4; Wed, 16 Dec 2020 10:26:26 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-detnet-flow-information-model@ietf.org, detnet-chairs@ietf.org, detnet@ietf.org, Lou Berger <lberger@labn.net>, lberger@labn.net
X-Test-IDTracker: no
X-IETF-IDTracker: 7.23.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <160814318551.22947.10933170108069951354@ietfa.amsl.com>
Date: Wed, 16 Dec 2020 10:26:26 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/tUhg7-mtbheNt0rTXqUgQgvehb4>
Subject: [Detnet] Roman Danyliw's No Objection on draft-ietf-detnet-flow-information-model-13: (with COMMENT)
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2020 18:26:26 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-detnet-flow-information-model-13: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-detnet-flow-information-model/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Shawn Emery for the SECDIR review, and thank you for responding to
it.

** Editorially, the style by which info model elements are described is
different in Section 4 vs. 5.

** Editorially, the level of detail provided for the information elements seems
vary a bit.  For example, Section 5.5a describes a time interval in the with
Interval attribute of TrafficSpecification but provides no data type of units. 
On the other hand, Section 5.9.2 describes MaxLatency as being an integer (data
type) and unit (nanoseconds).

** Section 7.  What is an “information group”?

** Section 10
   The external interfaces of the DetNet domain need to be subject to
   appropriate confidentiality.  Additionally, knowledge of which flows/
   services are provided to a customer or delivered by a network
   operator may supply information that can be used in a variety of
   security attacks.  Security considerations for DetNet are described
   in detail in [I-D.ietf-detnet-security].  General security
   considerations are described in [RFC8655].  This document discusses
   modeling the information, not how it is exchanged.

-- Please clarify what is “appropriate confidentiality” and who determines that?

-- I didn’t follow why the external interface is such a key focus given the
contents of the detnet-security draft.

Perhaps something more streamline as (roughly) the following could work if that
meets the original intent:

NEW (Section 10)
This document describes an information model intended to principally describe
network configuration information.  Knowledge of which flows or services are
provided to a customer or delivered by a network operator can inform a variety
of attacks.

This information model will be instantiated with implementation level details
in a data model.  Such data models (e.g., draft-ietf-detnet-yang) will need to
address the security considerations for DetNet which are described in
[I-D.ietf-detnet-security].  General security considerations are described in
[RFC8655].