[secdir] Secdir review of draft-ietf-detnet-tsn-vpn-over-mpls-05

Magnus Nyström <magnusn@gmail.com> Tue, 09 February 2021 07:26 UTC

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes a deterministic network data plane when
time-sensitive networks are interconnected.

The security considerations section seems adequate though the integration
of a protocol (TSN) on top of another protocol (DetNet/MPLS) sometimes can
yield new results so it is just a question to the authors if no new
security consideration results from the application of TSN over DetNet/MPLS?

Editorial:

   - "TSN" is used as an acronym in the abstract as is DetNet (and MPLS,
   although that is perhaps more common knowledge). Would be good to spell out
   these acronyms directly in the abstract.
   - Section 6, "challanges" -> "challenges"
   - Section 6, "are member" -> "are members"

Thanks,
-- Magnus