[alto] Follow-up on the Security/Trust aspects in ALTO

"Diego R. Lopez" <diego.r.lopez@telefonica.com> Wed, 12 July 2023 19:40 UTC

Return-Path: <diego.r.lopez@telefonica.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2AC0C14CE42 for <alto@ietfa.amsl.com>; Wed, 12 Jul 2023 12:40:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telefonica.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6jKhwZld3SHv for <alto@ietfa.amsl.com>; Wed, 12 Jul 2023 12:40:55 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on2115.outbound.protection.outlook.com [40.107.8.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D215C14CE25 for <alto@ietf.org>; Wed, 12 Jul 2023 12:38:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hXvHPnE0cmTuE3viQaVdDUJy9p/rbc+fWHqODTx4YqDCNCyU1i4DZDdWnBp+scTyNwbh1955sM4WMrX4arU8FmJDq9C/mJbWLbSsCkxx8DT+DVMycPqESU1f7+wrMkBQ9lTDQGA//SwUxXPE1SRTB2J9mx7MN6Bkdw84mT8VsjJMLOIUspRH3DtBLyVH4xzSnC5lnu30Pi2VmYSfRgNT9HMGqeeRdvIlOLzNXXjphvhMto90mRbRdGJ/4oB09XHNy36tSkbEUjqYmzy/bpgRDkzc+01ARwoFlSknbDmr28YQNslgqskRdy1q5ww57XRWPGbZNA5tdYil4/M2Fhd0tA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HVmGWDe74cGJyqML+43O+C+/+NRs2rYbiVKaPEdgwJY=; b=ShTXJaguJBqJ+gnim4jsxppM2nPwUHEdHQnoFzh8tH1uZodC1vuptHpX6+IH8/anGNGQHgGdNFc8sxbWNY9YCBpVzHhLZ28ev17blR20IJ8RuOOH8uVITVIqU5TZ6jo4TKzLrsheeWw0WAGTNI03eJeBEbyIH5PwvdxR/Uw5bvOzYoy7GNvHEdLzcoiynUeELD34AUeH7xkRnd4oqy0aiaWNKnYlKxMrt8thNgLQpXC6xcNZBfKXBeW5muGigCc6eQJaEYeeu4d26QYS8g8e2FFwfme/+jX0YOa6uDG0NrbE2yyVDd/ZNJmm2UvhfFxKu3QhqL7NO6dAi6t/MttewQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=telefonica.com; dmarc=pass action=none header.from=telefonica.com; dkim=pass header.d=telefonica.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telefonica.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HVmGWDe74cGJyqML+43O+C+/+NRs2rYbiVKaPEdgwJY=; b=fcnbGo0Rec4zLy0VG3l5892WFOKNbwtZ38l+Xgbc8DJI34CPuaHer+NRmMeAOSXl5q2Ii5b5w7lgGDCqs3qu892NNxNYJA6tkETfmzEJ2d+r4QkSWOJ/MpUxUXlJ2cYEtqg9rCzjPWuZqK67hpdtTKGeDs+txsnCvKaZaekyh0I=
Received: from DBAPR06MB7143.eurprd06.prod.outlook.com (2603:10a6:10:1ae::9) by DUZPR06MB8847.eurprd06.prod.outlook.com (2603:10a6:10:4af::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.32; Wed, 12 Jul 2023 19:38:18 +0000
Received: from DBAPR06MB7143.eurprd06.prod.outlook.com ([fe80::dce:81f7:ac86:3841]) by DBAPR06MB7143.eurprd06.prod.outlook.com ([fe80::dce:81f7:ac86:3841%6]) with mapi id 15.20.6565.028; Wed, 12 Jul 2023 19:38:18 +0000
From: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
To: "ayoub.messous@fujitsu.com" <ayoub.messous@fujitsu.com>, "Randriamasy, Sabine (Nokia - FR/Paris-Saclay)" <sabine.randriamasy@nokia-bell-labs.com>, "Motoyoshi Sekiya (Fujitsu)" <sekiya.motoyosh@fujitsu.com>, "yry@cs.yale.edu" <yry@cs.yale.edu>
CC: Jordi Ros Giralt <jros@qti.qualcomm.com>, LUIS MIGUEL CONTRERAS MURILLO <luismiguel.contrerasmurillo@telefonica.com>, Qin Wu <bill.wu@huawei.com>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "'alto@ietf.org'" <alto@ietf.org>, "Junichi Suga (Fujitsu)" <suga.junichi@fujitsu.com>
Thread-Topic: Follow-up on the Security/Trust aspects in ALTO
Thread-Index: AQHZtPhSSJ77kPrvP0W3035MKprKgg==
Date: Wed, 12 Jul 2023 19:37:50 +0000
Message-ID: <DBAPR06MB71436B2494D6E9849FB747CCDF36A@DBAPR06MB7143.eurprd06.prod.outlook.com>
References: <VE1PR06MB715093C4216F166AC9A32827DF52A@VE1PR06MB7150.eurprd06.prod.outlook.com>
In-Reply-To: <VE1PR06MB715093C4216F166AC9A32827DF52A@VE1PR06MB7150.eurprd06.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=telefonica.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DBAPR06MB7143:EE_|DUZPR06MB8847:EE_
x-ms-office365-filtering-correlation-id: 161c6456-ba50-4387-818b-08db830f8b05
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /kh/RqWUe+2v6vtJK0/ToNiOhl31qkzb+3PAJB30bPndUdjG6b7fUeYXBaInbpZkOuJBpZrAC3hvif5NoxNQFMfieu2DBTX9MREOt7vDuNN+32LsHZ087dMBz9XBqkpvrA1wTWJ5u09IFfsARmtyPZ9pYxjob/2ARkbsOP44NicU0ezvMFXR7CVGr7lWKAp/SfF3MMZid0HVcqz/D4de42ITYDSaz4nOtFcy+WApvKrHd86m0VNvpMr1P7XdLYOjQLCu/BH5KVZX80q91hqH8ZHrlRHw8AMs/VvMxIQrT3yiWAz/60MaP3iJyF6vc8BaeCZk9CedQGCQtDPpB7dyVyOnfWgVwR4ma0ZZmtkP4xVsISCK3OCgfddM0jEmBsAPClydPoRRvsf5RwatzHi5IKIbAhipuFXxc5Y1vpJAPuyOk6k5E2QpmiBwCCcivkNC3psgGSABKqgWM3ecNRtKmayNFZcyf1QuTKDksfISNcs9+SxQ/f/AY7fRD2ZoLMKnfWS0kAcWSBaknf0bcxWawb8FMozP391DYrWhlqjH3ZXcKaUdRfttVdqgMAptOtLA/rQVq5PQYQK/5wtTyemZeCY262to5/3MDMTyiCx8vSXGy6T53a1jIgqcP/BdcUov/rch7FvCCRo5H1P7TME+yNllzsKD04f5SaBL7wUrTGJbWi575aL8KTFV9KhoyP/r
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR06MB7143.eurprd06.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(396003)(346002)(136003)(366004)(376002)(39860400002)(451199021)(83380400001)(15650500001)(66574015)(33656002)(38070700005)(166002)(86362001)(82960400001)(38100700002)(122000001)(2906002)(55016003)(41300700001)(4326008)(7696005)(966005)(316002)(45080400002)(5660300002)(8936002)(8676002)(478600001)(71200400001)(64756008)(76116006)(66446008)(6666004)(91956017)(66946007)(54906003)(66476007)(110136005)(66556008)(26005)(4743002)(66899021)(186003)(6506007)(52536014)(9686003)(9010500006)(15398625002)(554374003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: TdtOoDGQ3mOsiMu5SKB6W9GaJGh5FCR/1BWh6o9fdjfhpYFWuh3Bw8UXxd23e3g6R1Wby+ajbE6to/vYEvz1Zyr5ts/PMJL68rh5cMcSrBPh9vagj8wh9LVW9eUpl8LYjE71H9cERGbdQyVWUkLFD960uwIIqQaves+bcmaZiLCMeVeQQPmvL+vLRC0Vqg2/ALX+pNt8eLXbgdw5i+roi2VG0nJztZG3lHTRTvFFmghkhuQiUQSJthuGqINa6wUkYbBJG3fBOGilu2zurK0lgGB5/yC7fu/Z9OKwqWMFnfzr2Mr7Obpurlmc9rCiwxy36On+/sQPq67o1DiCQ7qUvW3pp6QMw1OhsUsQH9rP47r/9C4IE3g4MBOCHvzkMtY96WpzS7AdcbGWI4boDHd+QjGrETd9+sDdQjsT/RXUHpYPfJibUTYkLgSPyJxATMgKDZpWa8RlX2GaHC2uFEOy0HNUwA2L0mlFZ+zI+cQ16ViMziztT72XltbW/0QVUPu8dFvTFDhQMrczayGAxG1FOzjMuNGD7IR6RuFaQMNJ0if6WNja2gTm7OpKvH6vvaLknYwjv/ViwODr8d/AxsMIjZ2lE+5oavpZS2ayte6pTGSb1DIkgqMHBbe5+jbu86lcRfnRv8dFgTKILz+Nq+AW8dyU99ywK8ztQRoDUb1r5hQeXYbqOhE6gj6ilrgs8r30/3Zhw4uBYLZ3X9d5UAAg0gRInhprjTgbwDg4zmIhR76ogjjlvJwbwhzBRy/fvdPKeZo8zhfhp80VVP6r/JYpxoqV6BDeelNWHj+9Yp11a0fEtJ2XZku70B0pYNO1voTQbrgsm3mTrth1dUUWthnmMIqUGTNCwr7hSVqWg8I0LCdJXh4fh/p2ix29sxUTZK5QmCeRvQRbEGG53pL/KmW74Xm833Q/UKTsX6bKrN9NNwCHQDGwuE80lzcEsTS9hNV+2+/glpyI+mfy6vkq8n9gNKAOQBdYvnxUFwBbu1y05QbDbXKW+9KdfjjUXO6RWa1J7sPBIwD9KVPaDxKVrm1W65pY1Aymlt3TLdqv3npxakci8k6wawY+USFhRWy+VwA0bJx+PG1ZCV72IbI779m5hyw7vitJGbSOUm9I8g1hUpz0uxPzB6qBeRMEuI6S0BBfvahJOIcimqw8KS5FHHOCCvQvt9BHMs4ghBZjV49pkCpESq/sUcYKqZXetqVKFCUnzgzQPlvaBhxS+qA8YBHQmnandea+nA6Vr/4nPBM4IU+Z0LCfkMS9agv2nE1XKU88i7rMG4+k2DcF8nIhyGfS1ixJ3qabVjqVrmdY31HE2C5fk9gbRpLNfK9k+mqoAsphGSQfAM2FNIDvmFQDtFVlxutkQxlPCdjoOCvk1ncJCQEn8vsNgKkHQLkJm+PBQNySPS8bcM8ozaSdL2BiXV7Fa+hvUJ1qW/XOvZpwXHkzVfNEiZ7z+4k8qjTWbURmcB9KjUXnvISD/GzahA37hkiHF14OYV6pbaP/WpUxs4KJFJvGKTy8jvSOngsyr2bwI9twr4I3SAY8P3n5jEqnWJHyw8hj/m51L6JVVueImIPCXHP0PBhS09axVIK2QG8hn0Tn7PLI1Us5hxKNY82sHGVZ+w==
Content-Type: multipart/alternative; boundary="_000_DBAPR06MB71436B2494D6E9849FB747CCDF36ADBAPR06MB7143eurp_"
MIME-Version: 1.0
X-OriginatorOrg: telefonica.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DBAPR06MB7143.eurprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 161c6456-ba50-4387-818b-08db830f8b05
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jul 2023 19:38:18.2942 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: PyFiEV8QLRiUtB6GPHqO3utCBE5f1MUQ22aCDWYuHZLdVeGgIqYU4buUBLHVsJKDAgkN98jha9WX3QRC3mCwOqmiHY24BLqvzppicfWqs3o=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DUZPR06MB8847
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/8N6K4J04Ug-PTq7qRAkfqvybIL4>
X-Mailman-Approved-At: Thu, 13 Jul 2023 19:17:36 -0700
Subject: [alto] Follow-up on the Security/Trust aspects in ALTO
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jul 2023 19:40:59 -0000

Hi,

I owed you a more detailed analysis of the implications I discussed during the call on security and trust implications in ALTO. First of all, my apologies for the delay, justified by the overload of this period. I have finally found some time, now that I am trying to focus on the coming IETF meeting, and therefore I am sharing with you my reflections.

When talking about security and trust in a network capability exposure protocol like ALTO, I believe we have to consider four different dimensions:


  *   The security of the transport protocol (typically, TLS, though we could even think of other potential encapsulations and consider IPsec, SSH…),  focused on the specific profiles and requirements for this protocol. That would include cyphersuites, requirements for (mutual) authentication, certificate profiles, etc.
Another aspect to take into account is how parameters derived from the secure transport (think of the identities in the certificates) can be forwarded to the application relying on ALTO for making its decisions.
  *   The security of the transferred data itself, associated to data serialization. Given the nature of ALTO, the use of mechanisms for signing (and even encrypting) JSON would be the obvious choice, though it would be interesting to analyze the options at hand, to avoid reinventing a full secure-ALTO protocol, and maximize flexibility while addressing relevant use cases for securing ALTO statements.
  *   The provenance of the data, in order to properly record the origin and history of the data being exposed using ALTO. This includes the different data sources aggregated by the ALTO server and the possible re-use of stored or post-processed ALTO statements. I have submitted a proposal on YANG provenance () that could be applicable here.

  *   The expression of security properties (and trust assessment. Note the difference) as ALTO metrics. This would require an extension to the protocol, of a nature similar to the ones being discussed for other aspects like energy consumption.

If you find this discussion interesting enough, I’d be more than happy to make an introduction to these matters, with the idea of exploring the WG interest on the different aspects, at the coming IETF 117, time permitting…

Be goode,



--
“Esta vez no fallaremos, Doctor Infierno”

Dr Diego R. Lopez
Telefonica I+D
https://www.linkedin.com/dr2lopez/

e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>
Mobile: +34 682 051 091
---------------------------------


________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is confidential and privileged information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
________________________________

Le informamos de que el responsable del tratamiento de sus datos es la entidad del Grupo Telefónica vinculada al remitente, con la finalidad de mantener el contacto profesional y gestionar la relación establecida con el destinatario o con la entidad a la que está vinculado. Puede contactar con el responsable del tratamiento y ejercitar sus derechos escribiendo a privacidad.web@telefonica.com<mailto:privacidad.web@telefonica.com>. Puede consultar información adicional sobre el tratamiento de sus datos en nuestra Política de Privacidad<https://www.telefonica.com/es/telefonica-politica-de-privacidad-de-terceros/>.

We inform you that the data controller is the Telefónica Group entity linked to the sender, for the purpose of maintaining professional contact and managing the relationship established with the recipient or with the entity to which it is linked. You may contact the data controller and exercise your rights by writing to privacidad.web@telefonica.com<mailto:privacidad.web@telefonica.com>. You may consult additional information on the processing of your data in our Privacy Policy<https://www.telefonica.com/en/wp-content/uploads/sites/5/2022/12/Telefonica-Third-data-subjects-Privacy-Policy.pdf>.

Informamos que o responsável pelo tratamento dos seus dados é a entidade do Grupo Telefónica vinculada ao remetente, a fim de manter o contato professional e administrar a relação estabelecida com o destinatário ou com a entidade à qual esteja vinculado. Você pode entrar em contato com o responsável do tratamento de dados e exercer os seus direitos escrevendo a privacidad.web@telefonica.com<mailto:privacidad.web@telefonica.com>. Você pode consultar informação adicional sobre o tratamento do seus dados na nossa Política de Privacidade<https://www.telefonica.com/es/politica-de-privacidade-de-terceiros/>.