Last Call Review of draft-ietf-detnet-architecture-08
review-ietf-detnet-architecture-08-secdir-lc-harkins-2018-09-27-00
| Request | Review of | draft-ietf-detnet-architecture |
|---|---|---|
| Requested revision | No specific revision (document currently at 13) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2018-10-03 | |
| Requested | 2018-09-19 | |
| Authors | Norman Finn , Pascal Thubert , Balazs Varga , János Farkas | |
| Draft last updated | 2018-09-27 | |
| Completed reviews |
Rtgdir Last Call review of -08
by
Henning Rogge
(diff)
Secdir Last Call review of -08 by Dan Harkins (diff) Genart Last Call review of -08 by Joel M. Halpern (diff) Tsvart Last Call review of -08 by Michael Scharf (diff) Tsvart Telechat review of -11 by Michael Scharf (diff) Genart Telechat review of -11 by Joel M. Halpern (diff) |
|
| Assignment | Reviewer | Dan Harkins |
| State | Completed | |
| Review |
review-ietf-detnet-architecture-08-secdir-lc-harkins-2018-09-27
|
|
| Reviewed revision | 08 (document currently at 13) | |
| Result | Has Issues | |
| Completed | 2018-09-27 |
review-ietf-detnet-architecture-08-secdir-lc-harkins-2018-09-27-00
Hello,
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
The summary of the review is ready with issues.
This draft describes an architecture for deterministic networking
that provides for delivery of packet flows with low packet loss and
with a maximum amount of latency.
A nit first. The terminology seems a bit overblown. We have DetNet
Intermediate nodes that could be relay nodes or transit nodes; and a
DetNet system that is a DetNet aware system or transit node or
relay node; and DetNet edge nodes that are relay nodes; and DetNet
relay nodes that can be bridges, firewalls, or anything else that
participates in DetNet. Finally, to translate between 802.1 TSN and
DetNet we have a "relay system" that is an 802.1 term for a DetNet
intermediate node which, as we have seen, is a DetNet relay node. This
can be simplified considerably.
The Security Considerations is thin, especially for an architecture
draft that is going to be referred to by subsequent drafts which will
just say something along the lines of, "as an instance of the DetNet
FooBar, these Security Considerations are those from [ARCH]", where
ARCH is the RFC that comes out of this I-D. I think there needs to be
a description of the various points in the architecture that an attacker
could exploit, and if a point is not exploitable it should say so. For
instance:
- is it possible for an attacker to launch a DoS attack by manipulating
member flows of a DetNet flow in order to force DetNet nodes to
consume buffers they allocated to deal with the DetNet flow?
- If an end system is not DetNet aware there needs to be a DetNet edge
node to handle the encaps of the flow into the DetNet system. Can an
attacker in that case introduce packets that shouldn't be part of the
DetNet flow into the flow by getting the edge node to encaps them as
such?
If there are any assumptions being made-- e.g. "insider attacks are not
being considered"-- they should be mentioned.
regards,
Dan.