Re: [secdir] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-udp-ip-06

"Black, David" <David.Black@dell.com> Fri, 02 October 2020 15:40 UTC

From: "Black, David" <David.Black@dell.com>
To: Stewart Bryant <stewart.bryant@gmail.com>
CC: "Grossman, Ethan A." <eagros@dolby.com>, "secdir@ietf.org" <secdir@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "detnet@ietf.org" <detnet@ietf.org>, "draft-ietf-detnet-mpls-over-udp-ip.all@ietf.org" <draft-ietf-detnet-mpls-over-udp-ip.all@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Black, David" <David.Black@dell.com>
Date: Fri, 02 Oct 2020 15:40:31 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/wdpQJ-Oyp54vciO_aAWhy1LI3kg>
Subject: Re: [secdir] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-udp-ip-06

Stewart,

Going back to my earlier note to identify the design choice:

> > ... IF the DetNet service defines packet loss as a failure case, i.e., something
> > that can't happen unless something in the network has actually failed and the
> > preferred failure behavior is late delivery rather than non-delivery of impacted
> > data, THEN TCP may be useful/appropriate.  

I read your note as advocating that the preferred failure behavior is non-delivery of impacted data, in which case, I would agree that TCP is not a good choice of protocol.

Thanks, --David

> -----Original Message-----
> From: Stewart Bryant <stewart.bryant@gmail.com>
> Sent: Friday, October 2, 2020 8:21 AM
> To: Black, David
> Cc: Stewart Bryant; Grossman, Ethan A.; secdir@ietf.org; last-call@ietf.org;
> detnet@ietf.org; draft-ietf-detnet-mpls-over-udp-ip.all@ietf.org; Stephen
> Farrell
> Subject: Re: [Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-udp-
> ip-06
> 
> David
> 
> The way that I look at it, TCP will deliver a given byte fed into its transmission
> stream in its own good time, delaying that byte until all previous bytes are
> delivered. It will also keep trying to deliver that byte as long as there is
> connectivity between source and sink. That is a contrast with DetNet which is
> looking for fast delivery with possibly some mitigation for packet loss. In such
> circumstances TCP is a liability to the service that wanted deterministic
> characteristics. I cannot therefore think of any good reason to pay the price of
> DetNet to deliver TCP. If you do want to use a transport protocol that is more
> sophisticated than UDP, then SCTP-PR is probably a better choice.
> 
> - Stewart
> 
> 
> 
> > On 1 Oct 2020, at 20:35, Black, David <David.Black@dell.com> wrote:
> >
> > Playing devil's advocate for a moment ...
> >
> >> I would be rather surprised if anyone tried to run a deterministic
> >> application over TCP.
> >>
> >> TCP would undo all the temporal determinism and of course it looks
> >> after packet loss.
> >
> > ... IF the DetNet service defines packet loss as a failure case, i.e., something
> > that can't happen unless something in the network has actually failed and the
> > preferred failure behavior is late delivery rather than non-delivery of impacted
> > data, THEN TCP may be useful/appropriate.  OTOH, use of TCP increases the
> > DetNet attack surface, as (in contrast to UDP), causing a drop or otherwise
> > triggering retransmission becomes a way to attack the DetNet service by
> > increasing the amount of traffic sent into limited reserved network capacity and
> > also by delaying delivery of received data to the deterministic application.
> >
> > I've lost track of the original context, so I'm not able to suggest specific text and
> > where to add it or make changes.
> >
> > Thanks, --David
> >
> >> -----Original Message-----
> >> From: detnet <detnet-bounces@ietf.org> On Behalf Of Stewart Bryant
> >> Sent: Thursday, October 1, 2020 11:12 AM
> >> To: Grossman, Ethan A.
> >> Cc: secdir@ietf.org; last-call@ietf.org; Stewart Bryant;
> >> detnet@ietf.org; draft-ietf-detnet-mpls-over-udp-ip.all@ietf.org;
> >> Stephen Farrell
> >> Subject: Re: [Detnet] Secdir last call review of
> >> draft-ietf-detnet-mpls-over-udp-
> >> ip-06
> >>
> >>> On 24 Sep 2020, at 21:28, Grossman, Ethan A. <eagros@dolby.com> wrote:
> >>>
> >>> Thanks Stephen. FWIW it isn't too late to add some text to the
> >>> DetNet Security draft regarding DetNet over UDP, if someone can think up something
> >>> useful to say. I suppose one could simply mention UDP in the same
> >>> breath as TCP (implying that the same general security guidelines apply, if
> >>> that's our stance).
> >>> Any thoughts (from anyone)?
> >>
> >> Ethan
> >>
> >> I would be rather surprised if anyone tried to run a deterministic
> >> application over TCP.
> >>
> >> TCP would undo all the temporal determinism and of course it looks
> >> after packet loss.
> >>
> >> - Stewart