Dear Dave,
We've posted rev -13 addressing your comments and others from the IESG review:
Can you please let us know if your comments have been properly addressed?
Thanks!
Carlos
On Thu, Aug 14, 2025 at 9:10 AM Xuesong Geng <gengxuesong=40huawei.com@xxxxxxxxxxxxxx> wrote:
Hi Dave,
Thank you for your thorough review and for providing a version with your comments. We appreciate your time and effort in helping improve the document.
Regarding your comment on the security aspect, we agree that the current text does not explicitly incorporate the relevant security requirements from RFC 9055. In the next revision, we will:
1. Add RFC 9055 as a reference.
2. Review Section 7 of RFC 9055 (Security Threat Mitigation) and extract the applicable protocol requirements.
Also, we will address the editorial nits based on your marked-up copy.
Thanks again for your helpful feedback.
Best
Xuesong
> -----Original Message-----
> From: Dave Thaler via Datatracker [mailto:noreply@xxxxxxxx]
> Sent: Tuesday, July 29, 2025 4:53 AM
> To: secdir@xxxxxxxx
> Cc: detnet@xxxxxxxx; draft-ietf-detnet-controller-plane-framework.all@xxxxxxxx;
> last-call@xxxxxxxx
> Subject: draft-ietf-detnet-controller-plane-framework-12 telechat Secdir
> review
>
> Document: draft-ietf-detnet-controller-plane-framework
> Title: Deterministic Networking (DetNet) Controller Plane Framework
> Reviewer: Dave Thaler
> Review result: Has Issues
>
> I have reviewed this document as part of the security directorate’s ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments
> just like any other last call comments.
>
> There are numerous editorial nits which I won't call out here but a marked up
> copy with my comments inline is at:
> https://1drv.ms/b/c/dc2b364f3f06fea8/EV3K2Un0TlVFrspsJvc_kOQB2FOkEj5UvFwc66fW3c_fYQ?e=KyM9xq
>
> The one more substantial comment is that section 2 claims to compile the
> controller plane requirements from various other documents.
> However, from a secdir perspective, the compiled requirements are notably
> missing any security requirements from RFC 9055, which isn't even cited in
> this section (the security considerations section cites an earlier I-D version of
> it, but mentions nothing as a requirement, only considerations). I did a
> quick scan of RFC 9055 section 7 (Security Threat Mitigation) and it does
> appear to contain some things that should, I think, really be treated as
> requirements.
> For example, RFC 9055 section 7.3 says:
> > Authentication verifies the identity of DetNet nodes (including DetNet
> > Controller Plane nodes), and this enables mitigation of Spoofing
> > attacks.
> which implies a requirement that the controller plane authenticate the
> identity of controller plane nodes.
>
> Hence I would recommend this document also incorporate any protocol
> requirements resulting from RFC 9055 section 7.
>
> Dave
>