[alto] Security/Trust aspects in ALTO

"ayoub.messous@fujitsu.com" <ayoub.messous@fujitsu.com> Tue, 06 June 2023 14:53 UTC

Return-Path: <ayoub.messous@fujitsu.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC97EC151B17 for <alto@ietfa.amsl.com>; Tue, 6 Jun 2023 07:53:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.392
X-Spam-Level:
X-Spam-Status: No, score=-4.392 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fujitsu.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B7tkqUrTWyoS for <alto@ietfa.amsl.com>; Tue, 6 Jun 2023 07:53:07 -0700 (PDT)
Received: from esa20.fujitsucc.c3s2.iphmx.com (esa20.fujitsucc.c3s2.iphmx.com [216.71.158.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1959C151B20 for <alto@ietf.org>; Tue, 6 Jun 2023 07:53:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=fujitsu.com; i=@fujitsu.com; q=dns/txt; s=fj1; t=1686063187; x=1717599187; h=from:to:cc:subject:date:message-id:mime-version; bh=2W3SH5XJVnsjuWVj2WvMCPPgjE726HQgluuegZjjS1Q=; b=imhhoGUelfhtbpNyFTZuj0ZPQ2Z3ULbI5+dlZgk3ZdhaWWanw6OuvZpx Qfj+I0jeDSQL/n2Ug/NxqoS9isbQToJJx/pGhxJrY7Q5DVjuh5HNXFl1O Mbbiyx2gCYeDeh7RHegrQoxgJ5BinQvrGR5sv8dI+pBaNKY9ZmK84ko0Z 8auruD5gIg6ESCWabBTnVSQfnwpZnqsE8jKXgtqSIJNICHTIhGtcWGCjB 6y98qdz2m/9iJ4IY1VmWuoV8JK2GItONOd8icgGdzaZYC0oJynXVxUAXM NlKaBcT0Z4kYcNrVDFWeUQmwWJqUmq11rhplEHQsYxpS5UOaNQH/N4mQU Q==;
X-IronPort-AV: E=McAfee;i="6600,9927,10733"; a="86283684"
X-IronPort-AV: E=Sophos; i="6.00,221,1681138800"; d="scan'208,217"; a="86283684"
Received: from mail-cwlgbr01lp2051.outbound.protection.outlook.com (HELO GBR01-CWL-obe.outbound.protection.outlook.com) ([104.47.20.51]) by ob1.fujitsucc.c3s2.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jun 2023 23:53:04 +0900
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JlbQ8wjBUsOLb6MiSJCFvZOOZkH2l99Cye/7q+XHf15tixXcUiR7tRrr+h5Pd8kMyAnga2N57IKHkW6hprpY/ICZ/OHUc0KChr/0MJM58zg+soJo1FrD0ArIB4d0iviaPuPUZ4t28HC3l1qtnNgxJKwIo+KRC/s4UjBaXRWU5Ae8sgfojm0plasuFuYYgbaaajYjcSq7YFijKRCzdw9B+VctIwNyEejRxjpn9WtGIKREAAoxZwJyeAXIjy4MJygWet0bmNfhzZ2/5HgqoNfxTHb/4TjuuKwy9T8U4EBsTJWmBObT3h81DzGg5FTwnOz5o4EOTWQpUqJEo3Jpyduf1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2W3SH5XJVnsjuWVj2WvMCPPgjE726HQgluuegZjjS1Q=; b=Yc+hHWIR2f6V6rX6KjZl+2ukL1sWPK1Cc0vKfiful3QfgpjtuRvQZbgw65uTGwEpVbwwMX7nyaxOjkZQ1L1ZMHety+DrrXPRmnynSpd/7fo3dV5p3AQGEemORDXFw3Hq/aM1Ssf0/3twp6Bi7HmWaWe3NYOTYny3S36dKUk5Tk/GruJErxfo60XR/LcBfZiWBgm8C0sGAzinmZ/3auJEGMEVKMvhhLez5vItbOvIgicXU68bWbIRntTj0ZWZ7mreYpdW9oJINfkv848ZOHpFiCk54Ji4wu/TwwXSxUcu1KXCYpYQG30ZaDZOWxXUht/zMktmtCargsulF4kWwFJlZg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fujitsu.com; dmarc=pass action=none header.from=fujitsu.com; dkim=pass header.d=fujitsu.com; arc=none
Received: from CWXP265MB5565.GBRP265.PROD.OUTLOOK.COM (2603:10a6:400:15b::10) by LO2P265MB5039.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:22e::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6477.18; Tue, 6 Jun 2023 14:53:02 +0000
Received: from CWXP265MB5565.GBRP265.PROD.OUTLOOK.COM ([fe80::2a78:3610:76af:2a7e]) by CWXP265MB5565.GBRP265.PROD.OUTLOOK.COM ([fe80::2a78:3610:76af:2a7e%3]) with mapi id 15.20.6477.016; Tue, 6 Jun 2023 14:53:02 +0000
From: "ayoub.messous@fujitsu.com" <ayoub.messous@fujitsu.com>
To: "Randriamasy, Sabine (Nokia - FR/Paris-Saclay)" <sabine.randriamasy@nokia-bell-labs.com>, "Motoyoshi Sekiya (Fujitsu)" <sekiya.motoyosh@fujitsu.com>
CC: Jordi Ros Giralt <jros@qti.qualcomm.com>, LUIS MIGUEL CONTRERAS MURILLO <luismiguel.contrerasmurillo@telefonica.com>, Qin Wu <bill.wu@huawei.com>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "'alto@ietf.org'" <alto@ietf.org>, "Junichi Suga (Fujitsu)" <suga.junichi@fujitsu.com>
Thread-Topic: Security/Trust aspects in ALTO
Thread-Index: AdmYgB+ULTonABhLRxav7sPhn0E8ewAAEGjg
Date: Tue, 06 Jun 2023 14:53:02 +0000
Message-ID: <CWXP265MB5565D3075B329934EB722280F852A@CWXP265MB5565.GBRP265.PROD.OUTLOOK.COM>
Accept-Language: en-GB, fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=fujitsu.com;
x-ms-exchange-calendar-series-instance-id: BAAAAIIA4AB0xbcQGoLgCAAAAAAA3IqEh5jZAQAAAAAAAAAAEAAAAI65tuWU1lpNiO3TiCjX4qE=
x-ms-traffictypediagnostic: CWXP265MB5565:EE_MeetingMessage|LO2P265MB5039:EE_MeetingMessage
x-ms-office365-filtering-correlation-id: 2d7cd61c-b83c-4602-b746-08db669dba13
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: nI857jTtrvDGqWZSWFJGVyihi+nWtccnAQVWjfX0SyAi6KeGTJkjerHR5acqgageop1tKF1dENkPUtJMCxBrSuoA82fGyiKk+Ey0d7Q3WNQTIDTPoimnYL4rOUyw7TC3uNp2fl2RDDjDzyV/+AyR1KMDHmtnOL1q3r+4yrwGKnapFpCLS+qCulz1nXy6cQT/wGygdhYR1cWTUU+xFGOgOvmzZANo3MNZUKVK8bWY6yt/+WnRc3QS13CzdZvOXEuMRq3WHWLCpG3Q0DIiwp9PDljGUG1I0sAUEETCaqcUptMJsD0VcS7uFq0pWYgk6m3RkyYNPs5RcugV0T0w8bZP/MLX9KFFvTlANXgJvDq2H2pYIOOpjO5LhqlNj00oE+5liojYe2NhDB9Xz29D5aTbwfC0n/yG9FFJ4lDDCaS/yGVIfU3Fc8/6tCcBMq2db35Zx3SBNqxh4RihWHObLQcfinIZ9y9FwhVwFfiKaKsvBpqccMH3RHGIUR7S9d9gYL2pGYynuFac4HVc6TFSUXg4gHjxlKV6t8mixJsuGPMnrULdmzcisU523bcc8r3XOp6rx2rXaZI+NmM4pB9lALAA5Rc4GjAvdzEknj/QwGe8rB8=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CWXP265MB5565.GBRP265.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230028)(4636009)(366004)(136003)(376002)(39860400002)(346002)(396003)(451199021)(66476007)(76116006)(66946007)(2906002)(66446008)(478600001)(15650500001)(45080400002)(4326008)(316002)(6636002)(4744005)(8936002)(64756008)(8676002)(110136005)(41300700001)(54906003)(66556008)(52536014)(5660300002)(7696005)(71200400001)(66899021)(6506007)(26005)(107886003)(9686003)(38100700002)(82960400001)(186003)(55016003)(4743002)(83380400001)(3480700007)(38070700005)(86362001)(166002)(33656002)(122000001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: D0doSudxEx05SWJVeBdvFZigy3DPXzEL81TKcjx4u5x04mf5JWAvLclw3Q++PwljnPEEz6IVWyaWrVvWowv2wUybaCTAg29EiN7AQvrdG10AGOZhYKirp3btUgylgqAnXF9TKJUB3AMxl8FiK6HRUscpwYvP5zOD1zfSVjrjdrt32LzCTM+nkL1lrOpvcq/F4QojDJVKTN0nTGH06WAMws23/FOkZ6L7o+RSmBzitFnPQYV4v1nxCjfzHVvZ0C1T9zn06HAUXjq9Gj7oW8bCQd9U/5thxQ0EqM8ZNVq9QuJ6Nl/CSi/LfnV3Wg34BXLlppe5DtpNNo34QU3gr/P89GaqYUL7w0WRUElIciZzUXjoH6+nYALXKyE+IfIUB+raz2xvkpvQKiIVaE6ib/letZu3Za+amhdYpuWAWoNiY+tZkrl+7x/FTJK7TRmsW+yhGBXcQReAqc9aWBKTPkJmOSySySHL3qeQV4aH+EK9DLOF5DQLF66izLGhMfCowJv/lRp6giMPbhUN7tLlRRyY1oNlXbmmRZ2wjjgrmsqEL3RrZyJbLKMMGz732W8wSGRwumB86OTrwxxGsVxnFMhkF9AjY2SQWBeWo7uhhMMdOYQwaYw1w0G4w2a/2xmLcMempNlOGMGgP1TUPbujipAdTYnkZpqW5xyIrgN7IKmpvtjPBTos9zG4DCsUf8TA0oVcv6s8aBMIafZa2cJqktdh41tSiEUJ0ZSd0/bucQ2QdFxcFC7i1D98YPYo1w+SL6Ud4qjmp/u2EJ7DZHics4V/626XjrXuIVqRoEbhbQ1ifBuEXigiYjYBSbPF2GQ4R+iZUiy/nQcOguw7kKKMdtutMtyF58HuG6oxbaR0fp4qxPIjG1Rj/rWVZv8KDK142wqP1uhRqB1xKqW4GC5ZC6PkmDIlnuJk77xPimi0Jui1nNScTQf+HYDqaErUuYmbvrA7Bv1LU4xJUJTlc4k3f+hhyEbmSZKOmeIn+ngzP1WHvsFOq3U7ohRdBcnr+XHjA0UkKwP5HetSoGwRJcyftxtjG1ady3zTLMWrhdlhsCn7OyoE+hyrAba97ny2OTt8kLT03u9PlWsrbkBGrvYMCb26yWGBBjEhVmzE+s2MqqNiX8a1rTqQ1YM2VcW+EoD3Jumu05MoeduwAtg/YTmArcFPKK/+12E/ReI4pk2KnpBjI+g4fatqQj0E6ARnqYvKYvcAbZW7L5VIXFv4FO6rPqxiBmPU1M0PpqxCTnh+S9Sl8NKITHV1gjTX3tU7PvQYZkJ61PVrWQ1CAkT5zUZii7sCuhmCfI2Rc+W8SpTznIERr2Yohaj5nExd/77gh5UyeEhkqcFlbMtgTI/DOBvo89qHowsYc2HCBUtoh9VF1+U+Dfr555/++D5DQGbwwjMWrSkMQNCaIMZ0epnfGFwObYMVt/OBtTZCqsuLD0cnMWKVGEflpjTZm0Ul8SY3I6UMko5PVEOWaLZZ3t7Brk9XNRUWbcZRoJcxRgejEkhizhbf+EkPcAZk4ZcOeMnLi3BD9n+PNnstsNGDeLeRkaCEsXW7WXZCm72ARtEulWpmu8UM+iL3DOe7ugYwPVyVP7cMrzUb
Content-Type: multipart/alternative; boundary="_000_CWXP265MB5565D3075B329934EB722280F852ACWXP265MB5565GBRP_"
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: lgo42qNZZj/S4j/pYH7CBsCQQnfzQ6uIgOVGRClMXSow3H66liX/hFZIwtK8BxEqrdfJ/yWv/vrflJxZb/IindT1oqTR4Zn3Mpv9fYKvNGwWlZTtcVCAEgO7NkZYfszjc+Njpxfx/CPO+cRb0UPQLWhani8R/Rxmj5tDTOqU0x3z2KWk/vsyr3f0OrB6oEsG+mQlttba4ylwUfu7Ek3kh98QpvhYB3WVxIDPjIJoACk3KKCeZUSeHSc36mtFFYSLFvkv8vy3bksyNiDijf40T10+ovlL1/0/5FEVbsMfOxCTQsYsgGdoJJYF+dpuY/ogRqIIrFBxMb0lIWTLooH/cmGpMgiNaScBVKsoZg8gPR+qfRs0rbHf53K/SudAbk1IEDsRzhS4S8DazLcEBHCYtkh3/gEIBq3rnr7WTUlRCPHaJjCuMawb6Lxy24GQv+7UvnNoeQ7ShzT7DL4BIfNAGhDItqlZvE0MROKsFEqCnlGYY0vhYAqBQE/jSqUnHmeqqkdwySeJN5RLnwwOAfdaIorwxCHKjI1YxwJ8cX0Y/5Gu0pzX9SbfucMuLDJ4nktoryhdbQOIczEIywCfNGGAG9Kdff5Qc76r6XNRo+D64M9bsv/s4MduZHzNL2LmNLW9QnEBdK1IwVIYnRvqXGPXJIIu9nCmEMxOSeWhB3zwPvb4iHS05j8G2i/X14GeV6vFEjaGwY0f0cqTynApe5dwxdaFIW2T6iFbmJB7RrT91ogLlj4wObMeBHTsAedufYmqBQgmIZh3gK3sMjQedin+OZR3X/INuNFfe5zpvmbctx/n6SLdqyMnIpV2iMTN3Xl4LYNzf59CvC+GaUNHYt3AjlUhvCge9L+svBd6fzRiP4Plk2rqEOFWswBORFUAX6ez334gpzVi0uIzCjiqinhkYGHWO9A76AlU5K1C9+0ToikjccMAlIUBZ2pH98rXnfvz
X-OriginatorOrg: fujitsu.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CWXP265MB5565.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 2d7cd61c-b83c-4602-b746-08db669dba13
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Jun 2023 14:53:02.0505 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a19f121d-81e1-4858-a9d8-736e267fd4c7
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7yUFi1jfoOXPSjahH63+xgjfM1J10Niy8129AdId2D6nIIpMfMssziKdwUqL1y0NwhaY8JKtWNt+WDyo0EoAmJ948hCtZfoOEj/wVw5rJ88=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P265MB5039
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/mWCe5mGvsSS0d_e6Beff8CLsXoE>
Subject: [alto] Security/Trust aspects in ALTO
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2023 14:53:11 -0000

Dear ALTOers,

Following the question from Sabine during our today’s weekly meeting,  I am suggesting this short discussion focusing on “Security/Trust aspects as part of ALTO”. The questions that we want to address revolve around:

  *   How to assess Security vulnerabilities.
  *   How to cover Security aspects (bottom-up vs top-down approaches)
  *   What are the best options to integrate security elements into ALTO.
  *   Other relevant questions.

Regards,
Ayoub


________________________________________________________________________________
Microsoft Teams meeting
Join on your computer, mobile app or room device
Click here to join the meeting<https://teams.microsoft.com/l/meetup-join/19%3ameeting_MGNkMWMwODAtYmRjMy00MGFhLWI4ZDktOGEzMDFiYzg1YTg1%40thread.v2/0?context=%7b%22Tid%22%3a%22a19f121d-81e1-4858-a9d8-736e267fd4c7%22%2c%22Oid%22%3a%22fca5f38d-5297-46aa-b455-d0973e7cb68a%22%7d>
Meeting ID: 434 067 335 84
Passcode: KLqbfi
Download Teams<https://www.microsoft.com/en-us/microsoft-teams/download-app> | Join on the web<https://www.microsoft.com/microsoft-teams/join-a-meeting>
Learn More<https://aka.ms/JoinTeamsMeeting> | Meeting options<https://teams.microsoft.com/meetingOptions/?organizerId=fca5f38d-5297-46aa-b455-d0973e7cb68a&tenantId=a19f121d-81e1-4858-a9d8-736e267fd4c7&threadId=19_meeting_MGNkMWMwODAtYmRjMy00MGFhLWI4ZDktOGEzMDFiYzg1YTg1@thread.v2&messageId=0&language=en-US> | Legal<https://www.fujitsu.com/global/about/resources/privacy/>
________________________________________________________________________________