Re: [Detnet] WG Last Call: draft-ietf-detnet-security-09 - David Black's initial comments

Lou Berger <lberger@labn.net> Tue, 21 April 2020 23:30 UTC

From: Lou Berger <lberger@labn.net>
To: "Black, David" <David.Black@dell.com>, DetNet WG <detnet@ietf.org>
Date: Tue, 21 Apr 2020 19:30:28 -0400
Message-ID: <1719f141e20.277b.9b4188e636579690ba6c69f2c8a0f1fd@labn.net>
In-Reply-To: <MN2PR19MB4045021D3B08F605104933BF83D50@MN2PR19MB4045.namprd19.prod.outlook.com>
References: <MN2PR19MB4045021D3B08F605104933BF83D50@MN2PR19MB4045.namprd19.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/vslsmK3e_2OBSMm7XVz5BBaiYN4>

Hi David,


----------
On April 21, 2020 7:05:49 PM "Black, David" <David.Black@dell.com> wrote:

> Hi Lou,
>
>> The working group last call ends on April 4.
>> Please send your comments to the working group mailing list.
>
> Surely May 4 was intended ... as a WG chair, I've been there ... and been 
> off by much more than one month :-).
>

Correct - others pointed it out too :-)

I'll leave the rest of your comments to the authors...

Cheers
Lou

> Here are some initial relatively high-level comments (I may have more to 
> add after a detailed read):
>
> [1-Editorial] The relationship to RFC 7384 deserves more mention.   A 
> statement towards the end of the introduction to indicate that the threat 
> model and the structure of at least the threat analysis are similar because 
> of the importance of time to the security of both time protocols and DetNet 
> would be good to add.
>
> [2-Minor] In section 4, I suggest removing the discussion of Effects and 
> the Effects rows in the table, as they don't appear to play much of a role 
> in the draft.
>
> [3-Editorial] This draft uses a lot of internal cross references to other 
> sections, e.g., in the Related Attacks discussions in section 5.  It would 
> be helpful to the reader to include section names and/or short description 
> of the contents of the referenced section with each cross reference.
>
> [4-Minor] Sections 5.1 and 5.2 should state that path replication and 
> elimination are not available in the IP data plane.
>
> [5-Major] Section 5.8 seems incomplete.   It contains a sizeable summary 
> table of attacks, impacts and mitigations, but doesn't provide 
> recommendations on what to do.  Scanning the mitigations column, a good 
> start would be to characterize control message protection and performance 
> analytics as [MUST implement, SHOULD use] and the combination of DetNet 
> authentication and integrity protection as [MUST implement, MAY use].   
> Both "MUST" requirements are my initial take that I'd be happy to discuss 
> further.
>
> [6-Major] Section 7.1 on the IP data plane seems rather weak - I'm not sure 
> whether it says anything that's seriously useful.  Section 7.2 on the MPLS 
> data plane is much better in directing the reader to relevant security 
> considerations in other documents.
>
> Thanks, --David
>
>> -----Original Message-----
>> From: detnet <detnet-bounces@ietf.org> On Behalf Of Lou Berger
>> Sent: Monday, April 20, 2020 11:01 AM
>> To: DetNet WG
>> Subject: [Detnet] WG Last Call: draft-ietf-detnet-security-09
>> 
>> 
>> [EXTERNAL EMAIL]
>> 
>> All,
>> 
>> This starts a two-week working group last call for
>> draft-ietf-detnet-security-09
>> 
>> The working group last call ends on April 4.
>> Please send your comments to the working group mailing list.
>> 
>> Positive comments, e.g., "I've reviewed this document
>> and believe it is ready for publication", are welcome!
>> This is useful and important, even from authors.
>> 
>> Thank you,
>> Lou (DetNet Co-Chair & doc Shepherd)
>> 
>> _______________________________________________
>> detnet mailing list
>> detnet@ietf.org
>> https://www.ietf.org/mailman/listinfo/detnet