Re: [secdir] Secdir review of draft-ietf-detnet-tsn-vpn-over-mpls-05

Balázs Varga A <balazs.a.varga@ericsson.com> Tue, 09 February 2021 16:17 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rvzAsarDXuUOZ1L444Jb2Tsv5V4>

Hi Magnus,
Many thanks for your review.
Security-related aspects are covered in a dedicated draft (draft-ietf-detnet-security-14),
so no new security considerations were needed here in this draft.
All your editorial comments are welcome and will be updated in the new version.
Thanks
Balázs


From: Magnus Nyström <magnusn@gmail.com>
Sent: Tuesday, February 9, 2021 8:26 AM
To: draft-ietf-detnet-tsn-vpn-over-mpls@ietf.org; secdir@ietf.org
Subject: Secdir review of draft-ietf-detnet-tsn-vpn-over-mpls-05

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes a deterministic network data plane when time-sensitive networks are interconnected.

The security considerations section seems adequate, though the integration of a protocol (TSN) on top of another protocol (DetNet/MPLS) sometimes can yield new results, so it is just a question to the authors if no new security consideration results from the application of TSN over DetNet/MPLS?

Editorial:

  *   "TSN" is used as an acronym in the abstract as is DetNet (and MPLS, although that is perhaps more common knowledge). Would be good to spell out these acronyms directly in the abstract.
  *   Section 6, "challanges" -> "challenges"
  *   Section 6, "are member" -> "are members"

Thanks,
-- Magnus