Re: [secdir] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-udp-ip-06

Balázs Varga A <balazs.a.varga@ericsson.com> Thu, 01 October 2020 15:05 UTC

From: Balázs Varga A <balazs.a.varga@ericsson.com>
To: "Grossman, Ethan A." <eagros@dolby.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdir@ietf.org" <secdir@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "detnet@ietf.org" <detnet@ietf.org>, "draft-ietf-detnet-mpls-over-udp-ip.all@ietf.org" <draft-ietf-detnet-mpls-over-udp-ip.all@ietf.org>
Date: Thu, 01 Oct 2020 15:05:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/KUSdvoyG8TVQCtI82sQ-bgI-gWE>

Hi Stephen / Ethan,

Many thanks for the review.
Draft-ietf-detnet-mpls-over-udp-ip focuses on the scenario where two DetNet
MPLS nodes are interconnected via an IP sub-network and covers data plane
aspects. Security aspects of DetNet are covered in the DetNet Security draft.

DetNet flows are identified using a "6-tuple", which includes UDP, TCP, etc.
In my view using UDP/IP encapsulation between DetNet nodes - covered in
draft-ietf-detnet-mpls-over-udp-ip - is a subset of the general DetNet IP
flow case, where the 6-tuple is used for DetNet flow identification. So,
no extra security scenario here.

Thanks & Cheers
Bala'zs

-----Original Message-----
From: Grossman, Ethan A. <eagros@dolby.com> 
Sent: Thursday, September 24, 2020 10:28 PM
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>; secdir@ietf.org
Cc: last-call@ietf.org; detnet@ietf.org; draft-ietf-detnet-mpls-over-udp-ip.all@ietf.org
Subject: RE: [Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-udp-ip-06

Thanks Stephen. FWIW it isn't too late to add some text to the DetNet Security draft regarding DetNet over UDP, if someone can think up something useful to say. I suppose one could simply mention UDP in the same breath as TCP (implying that the same general security guidelines apply, if that's our stance). 
Any thoughts (from anyone)? 
Thanks,
Ethan (as Editor, DetNet Security draft)

-----Original Message-----
From: detnet <detnet-bounces@ietf.org> On Behalf Of Stephen Farrell via Datatracker
Sent: Thursday, September 24, 2020 11:15 AM
To: secdir@ietf.org
Cc: last-call@ietf.org; detnet@ietf.org; draft-ietf-detnet-mpls-over-udp-ip.all@ietf.org
Subject: [Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-udp-ip-06

Reviewer: Stephen Farrell
Review result: Ready

(Sorry for the missed review deadline.)

Other than general doubts about "I'll only use this in one administrative domain", the only specific thing that concerned me here was that draft-ietf-detnet-security doesn't seem to include any analysis of detnet/UDP (and indeed says that detnet runs over IP) and the security considerations section here is purely by reference. Given that draft-ietf-detnet-security seems to have done a reasonable job of analysis, it's a pity to not have that for the detnet/UDP case. All that said, I don't have any concrete problems to highlight with detnet/UDP, though of course I've not been thinking about this as $dayjob, so there may be issues there.

