Re: [secdir] secdir review of draft-ietf-detnet-architecture-08

János Farkas <janos.farkas@ericsson.com> Wed, 17 October 2018 08:28 UTC

Return-Path: <Janos.Farkas@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28524130E97 for <secdir@ietfa.amsl.com>; Wed, 17 Oct 2018 01:28:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.363
X-Spam-Level:
X-Spam-Status: No, score=-4.363 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.064, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6KKlthBBEWEG for <secdir@ietfa.amsl.com>; Wed, 17 Oct 2018 01:28:31 -0700 (PDT)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D984130EA4 for <secdir@ietf.org>; Wed, 17 Oct 2018 01:28:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1539764906; x=1542356906; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=0SC1NrKOtNdcJPB3pCDe0nl15NYnAlXfhxXhDZWcPsA=; b=RpCYkOmV1D3q7EgX2WjpyTfANr5fmWo1X3Kw8N3o9np008tKB1yQQxZUYVUOKqFr fZQZ9XIZ9nUxyI+Sq0pwqo7uhkbsAlzmrYpUU/alIKwS8uka5B02IuKFCVqQ2vpc VWsaGwIw6AOpJr9sLkYv4WQDeE95o/EtbXU9E036xqU=;
X-AuditID: c1b4fb2d-b37ff70000003a27-06-5bc6f2aa0cc2
Received: from ESESSMB505.ericsson.se (Unknown_Domain [153.88.183.123]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id EE.55.14887.AA2F6CB5; Wed, 17 Oct 2018 10:28:26 +0200 (CEST)
Received: from ESESSMR502.ericsson.se (153.88.183.110) by ESESSMB505.ericsson.se (153.88.183.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Wed, 17 Oct 2018 10:28:26 +0200
Received: from ESESSMB502.ericsson.se (153.88.183.163) by ESESSMR502.ericsson.se (153.88.183.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Wed, 17 Oct 2018 10:28:26 +0200
Received: from [131.160.183.116] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.190) with Microsoft SMTP Server id 15.1.1466.3 via Frontend Transport; Wed, 17 Oct 2018 10:28:25 +0200
References: <c5b35342-1136-8af2-d0a8-d66603c6e124@ericsson.com>
To: Daniel Harkins <dharkins@lounge.org>
CC: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-detnet-architecture.all@ietf.org, DetNet WG <detnet@ietf.org>
From: János Farkas <janos.farkas@ericsson.com>
X-Forwarded-Message-Id: <c5b35342-1136-8af2-d0a8-d66603c6e124@ericsson.com>
Message-ID: <df8412e9-a2fc-3953-7dc6-5ca48f363b8f@ericsson.com>
Date: Wed, 17 Oct 2018 10:28:25 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <c5b35342-1136-8af2-d0a8-d66603c6e124@ericsson.com>
Content-Type: multipart/alternative; boundary="------------7CA1B052BC73CFD1832EC37D"
Content-Language: en-US
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprFIsWRmVeSWpSXmKPExsUyM2J7te6qT8eiDSYek7f4/Wk2i8XSf19Y LPbN2sRiMePPRGaLDwsfsjiweixZ8pPJ49nulywBTFFcNimpOZllqUX6dglcGYf2yxa8dql4 c2YnSwPjYdMuRk4OCQETiXdNL1i6GLk4hASOMkosv/WeCcL5xijx4sUlBOfM7LVQZccYJfbO mckM0i8sYC/RdWMCE4gtBGTfW/gZzBYR0JDo3LaYDaSBWWAao8SUm4/YQRJsQEV3L21ghlju LbFo8lFGEJsXKH7x33GwZhYBVYnLnZ/YQGxRgViJT1cWM0PUCEqcnPmEBcTmFHCQeLt+FVgv s0CYxJ4/R9kgbHGJW0/mQx2kJvG+4Q7jBEbhWUjaZyFpmYWkBcK2kJg5/zwjhC0v0bx1NjOE rSHROmcuO7L4Akb2VYyixanFxbnpRsZ6qUWZycXF+Xl6eaklmxiBMXZwy2/dHYyrXzseYhTg YFTi4Y38eCxaiDWxrLgy9xCjBAezkghv5mKgEG9KYmVValF+fFFpTmrxIUZpDhYlcV69VXui hATSE0tSs1NTC1KLYLJMHJxSDYwGSz0PsQU+itgVdK3Xxu75plZOl/RLy6w+N5k4b9RZ4Ccw 4e+0wIjPea4JHo8WSfyVuuB9n30P94NN289Mdlm7ZrFWzOrEPIcP3dO6T512T/35y+bxmamX dznO8Erw33j3VuMcGb2l5q809L/bXdX43N62ctL9d2ypr4JedijnrGuvZbkbwSCpxFKckWio xVxUnAgASQl7b60CAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/l-QBtEH0Rbw-c2t2W8FkpUjyFE0>
Subject: Re: [secdir] secdir review of draft-ietf-detnet-architecture-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Oct 2018 08:28:34 -0000

Hi Daniel,

Thank you very much for your review!

Please find below how we plan to update the draft to address your comments.

Best regards,
Janos


On 9/25/2018 2:58 AM, Daniel Harkins wrote:
>
>   Hello,
>    I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
>    The summary of the review is ready with issues.
>
>    This draft describes an architecture for deterministic networking
> that provides for delivery of packet flows with low packet loss and
> with a maximum amount of latency.
>
>    A nit first. The terminology seems a bit overblown. We have DetNet
> Intermediate nodes that could be relay nodes or transit nodes; and a
> DetNet system that is a DetNet aware system or transit node or
> relay node; and DetNet edge nodes that are relay nodes; and DetNet
> relay nodes that can be bridges, firewalls, or anything else that
> participates in DetNet. Finally, to translate between 802.1 TSN and
> DetNet we have a "relay system" that is an 802.1 term for a DetNet
> intermediate node which, as we have seen, is a DetNet relay node. This
> can be simplified considerably.
The definition of DetNet relay node will be updated.
"A DetNet relay node can be a bridge, a router, a firewall, or any other 
system" will be delated.

OLD:
A DetNet node including a service layer function that
interconnects different DetNet transport layer paths to
provide service protection. A DetNet relay node can be a
bridge, a router, a firewall, or any other system that
participates in the DetNet service layer. It typically
incorporates DetNet transport layer functions as well, in
which case it is collocated with a transit node.

NEW:
A DetNet node including a service layer function that
interconnects different DetNet transport layer paths to
provide service protection. A DetNet relay node operates
at the service layer. It typically incorporates DetNet
transport layer functions as well, in which case it is
collocated with a DetNet transit node.



>    The Security Considerations is thin, especially for an architecture
> draft that is going to be referred to by subsequent drafts which will
> just say something along the lines of, "as an instance of the DetNet
> FooBar, these Security Considerations are those from [ARCH]", where
> ARCH is the RFC that comes out of this I-D. I think there needs to be
> a description of the various points in the architecture that an attacker
> could exploit, and if a point is not exploitable it should say so. For
> instance:
>
>    - is it possible for an attacker to launch a DoS attack by manipulating
>      member flows of a DetNet flow in order to force DetNet nodes to
>      consume buffers they allocated to deal with the DetNet flow?
>
>    - If an end system is not DetNet aware there needs to be a DetNet edge
>      node to handle the encaps of the flow into the DetNet system. Can an
>      attacker in that case introduce packets that shouldn't be part of the
>      DetNet flow into the flow by getting the edge node to encaps them as
>      such?
>
> If there are any assumptions being made-- e.g. "insider attacks are not
> being considered"-- they should be mentioned.
>
>    regards,
>
>    Dan.
>
>
Security issues and considerations are addressed by the DetNet Security 
draft: https://datatracker.ietf.org/doc/draft-ietf-detnet-security.
Reference will be added to the DetNet security document.