[secdir] Review of draft-ietf-detnet-flow-information-model-10
Shawn Emery <shawn.emery@gmail.com> Fri, 04 September 2020 22:27 UTC
Reviewer: Shawn M. Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This informational draft specifies an information model for Deterministic Networking (DetNet), specifically for data at the IP/MPLS layer.

The security considerations section does exist and recommends confidentiality for DetNet's external interfaces, and notes that knowledge of the flows and services associated with customers and network operators could be used by an adversary to launch attacks against these networks. The section defers mitigation of said attacks to the ietf-detnet-security draft and defers to RFC 8655 for DetNet's overall security considerations. These documents provide some coverage in regard to the data model presented in this draft, but unfortunately do not describe how draft-specific attributes, e.g. DnServiceRank, could be used as a DoS attack. Having said this, when the data model does become a YANG model, DetNet will need to explicitly call out each of these attributes that have security implications, per YANG model guidelines.

General comments:

Having the draft-ietf-detnet-security draft is a really good idea to help augment this and other DetNet drafts. Having a comprehensive set of threats and how to mitigate against them provides a good foundation for other authors to think about.

Editorial comments:

s/can distinguished/can be distinguished/
s/flow using,/flow, using/
s/result data/result in data/

Shawn.