Re: [Last-Call] [Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-udp-ip-06

Hi Stephen / Ethan,

Many thanks for the review. 
Draft-ietf-detnet-mpls-over-udp-ip focuses on the scenario where two DetNet
MPLS nodes are interconnected via an IP sub-network and covers data plane
aspects. Security aspects of DetNet are covered in the DetNet Security draft.

DetNet flows are identified using a "6-tuple", which includes UDP, TCP, etc.
In my view using UDP/IP encapsulation between DetNet nodes - covered in
draft-ietf-detnet-mpls-over-udp-ip - is a subset of the general DetNet IP 
flow case, where the 6-tuple is used for DetNet flow identification. So, 
no extra security scenario here.

Thanks & Cheers
Bala'zs

-----Original Message-----
From: Grossman, Ethan A. <eagros@xxxxxxxxx> 
Sent: Thursday, September 24, 2020 10:28 PM
To: Stephen Farrell <stephen.farrell@xxxxxxxxx>; secdir@xxxxxxxx
Cc: last-call@xxxxxxxx; detnet@xxxxxxxx; draft-ietf-detnet-mpls-over-udp-ip.all@xxxxxxxx
Subject: RE: [Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-udp-ip-06

Thanks Stephen. FWIW it isn't too late to add some text to the DetNet Security draft regarding DetNet over UDP, if someone can think up something useful to say. I suppose one could simply mention UDP in the same breath as TCP (implying that the same general security guidelines apply, if that's our stance). 
Any thoughts (from anyone)? 
Thanks,
Ethan (as Editor, DetNet Security draft)

-----Original Message-----
From: detnet <detnet-bounces@xxxxxxxx> On Behalf Of Stephen Farrell via Datatracker
Sent: Thursday, September 24, 2020 11:15 AM
To: secdir@xxxxxxxx
Cc: last-call@xxxxxxxx; detnet@xxxxxxxx; draft-ietf-detnet-mpls-over-udp-ip.all@xxxxxxxx
Subject: [Detnet] Secdir last call review of draft-ietf-detnet-mpls-over-udp-ip-06

Reviewer: Stephen Farrell
Review result: Ready

(Sorry for the missed review deadline.)

Other than general doubts about "I'll only use this in one administrative domain", the only specific thing that concerned me here was that draft-ietf-detnet-security doesn't seem to include any analysis of detnet/UDP (and indeed says that detnet runs over IP) and the security considerations section here is purely by reference. Given that draft-ietf-detnet-security seems to have done a reasonable job of analysis, it's a pity to not have that for the detnet/UDP case. All that said, I don't have any concrete problems to highlight with detnet/UDP, though of course I've not been thinking about this as $dayjob, so there may be issues there.


_______________________________________________
detnet mailing list
detnet@xxxxxxxx
https://www.ietf.org/mailman/listinfo/detnet

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


