Re: [Last-Call] Review of draft-ietf-detnet-flow-information-model-10

Hi Shawn,

 

Many thanks for your review. Draft-ietf-detnet-flow-information-model is an informational draft and describes only the flow and service information model for DetNet. The WG is working on the YANG model which will call out the security implications of attributes, per YANG model guidelines.
(https://datatracker.ietf.org/doc/draft-ietf-detnet-yang/)

 

Thanks for the editorial comments, I will fix them.

 

Thanks & Cheers

Balázs

 

 

From: Shawn Emery <shawn.emery@xxxxxxxxx>
Sent: Saturday, September 5, 2020 12:27 AM
To: secdir <secdir@xxxxxxxx>
Cc: last-call@xxxxxxxx; draft-ietf-detnet-flow-information-model.all@xxxxxxxx; Shawn Emery <semery@xxxxxxxx>
Subject: Review of draft-ietf-detnet-flow-information-model-10

 

Reviewer: Shawn M. Emery

Review result: Ready with nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This informational draft specifies an information model for Deterministic Networking (DetNet), specifically for data at the IP/MPLS layer.

 

The security considerations section does exist and recommends confidentiality for DetNet's external interfaces and that the knowledge of flows and services associated with customers and network operators could be used by an adversary to launch attacks against these networks. The section defers mitigation of said attacks to the ietf-detnet-security draft and defers to RFC 8655 for DetNet's overall security considerations. These documents provide some coverage in regards to the data model presented in this draft, but unfortunately do not describe how draft-specific attributes, e.g. DnServiceRank, could be used as a DoS attack. Having said this, when the data model does become a YANG model then DetNet will need to explicitly call out each of these attributes that have security implications, per YANG model guidelines.

 

General comments:

 

Having the draft-ietf-detnet-security draft is a really good idea to help augment this and other DetNet drafts. Having a comprehensive set of threats and how to mitigate against them provides a good foundation for other authors to think about.

 

Editorial comments:

 

s/can distinguished/can be distinguished/

s/flow using,/flow, using/

s/result data/result in data/

 

Shawn.
