[Detnet] Secdir last call review of draft-ietf-detnet-bounded-latency-08

Watson Ladd via Datatracker <noreply@ietf.org> Mon, 31 January 2022 01:29 UTC

From: Watson Ladd via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: detnet@ietf.org, draft-ietf-detnet-bounded-latency.all@ietf.org, last-call@ietf.org
Message-ID: <164359256461.13046.3662935981665413488@ietfa.amsl.com>
Reply-To: Watson Ladd <watsonbladd@gmail.com>
Date: Sun, 30 Jan 2022 17:29:24 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/vqDqq80-fuwd0zlSZhMynxaeVX0>
Subject: [Detnet] Secdir last call review of draft-ietf-detnet-bounded-latency-08

Reviewer: Watson Ladd
Review result: Has Issues

Dear fellow IETFers,

Alas, I'm forced to put down draft-ietf-detnet-bounded-latency as having issues.
The vast majority of the draft is a detailed and readable description of how to
compute the resources required for a particular QoS. But unfortunately the
security concerns section has a paragraph about securing the reservations which
doesn't really seem relevant: it would seem to be relevant to the control plane
that does the reserving. At the same time a discussion of how an attacker might
be able to abuse the models presented in the document is lacking.

This is particularly important given that there can be very unintuitive global
effects from changes made to capacity on one node or link in a network.

Sincerely,
Watson