Deterministic Networking (DetNet) Security Considerations

Document Type Replaced Internet-Draft (candidate for detnet WG)
Last updated 2017-09-12 (latest revision 2017-07-02)
Replaced by draft-ietf-detnet-security
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream WG state Call For Adoption By WG Issued
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-detnet-security
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


A deterministic network is one that can carry data flows for real- time applications with extremely low data loss rates and bounded latency. Deterministic networks have been successfully deployed in real-time operational technology (OT) applications for some years (for example [ARINC664P7]). However, such networks are typically isolated from external access, and thus the security threat from external attackers is low. IETF Deterministic Networking (DetNet) specifies a set of technologies that enable creation of deterministic networks on IP-based networks of potentially wide area (on the scale of a corporate network) potentially bringing the OT network into contact with Information Technology (IT) traffic and security threats that lie outside of a tightly controlled and bounded area (such as the internals of an aircraft). These DetNet technologies have not previously been deployed together on a wide area IP-based network, and thus can present security considerations that may be new to IP- based wide area network designers. This draft, intended for use by DetNet network designers, provides insight into these security considerations. In addition, this draft collects all security- related statements from the various DetNet drafts (Architecture, Use Cases, etc) into a single location Section 7.


Tal Mizrahi (
Ethan Grossman (
Andrew Hacker (
Subir Das (
John Dowdell (
Henrik Austad (
Kevin Stanton (
Norman Finn (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)