Re: [I2nsf] Questions & suggstions to draft-pastor-i2nsf-vnsf-attestation-00
DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com> Mon, 21 March 2016 12:57 UTC
Return-Path: <diego.r.lopez@telefonica.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B699F12D801 for <i2nsf@ietfa.amsl.com>; Mon, 21 Mar 2016 05:57:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.611
X-Spam-Level:
X-Spam-Status: No, score=-2.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bh8kHRH4vFvq for <i2nsf@ietfa.amsl.com>; Mon, 21 Mar 2016 05:57:30 -0700 (PDT)
Received: from smtpjc.telefonica.com (smtpjc.telefonica.com [81.47.204.76]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CB2C12D7CB for <i2nsf@ietf.org>; Mon, 21 Mar 2016 05:57:29 -0700 (PDT)
Received: from smtpjc.telefonica.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A7EE82F08FA; Mon, 21 Mar 2016 13:57:26 +0100 (CET)
Received: from ESTGVMSP102.EUROPE.telefonica.corp (unknown [10.92.4.9]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client CN "ESTGVMSP102", Issuer "ESTGVMSP102" (not verified)) by smtpjc.telefonica.com (Postfix) with ESMTPS id 9696E2F08CD; Mon, 21 Mar 2016 13:57:26 +0100 (CET)
Received: from emea01-am1-obe.outbound.protection.outlook.com (10.92.5.139) by tls.telefonica.com (10.93.6.49) with Microsoft SMTP Server (TLS) id 14.3.235.1; Mon, 21 Mar 2016 13:57:26 +0100
Received: from DB4PR06MB0624.eurprd06.prod.outlook.com (10.161.13.142) by DB4PR06MB265.eurprd06.prod.outlook.com (10.242.231.142) with Microsoft SMTP Server (TLS) id 15.1.434.16; Mon, 21 Mar 2016 12:57:24 +0000
Received: from DB4PR06MB0624.eurprd06.prod.outlook.com ([10.161.13.142]) by DB4PR06MB0624.eurprd06.prod.outlook.com ([10.161.13.142]) with mapi id 15.01.0434.021; Mon, 21 Mar 2016 12:57:24 +0000
From: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
To: Linda Dunbar <linda.dunbar@huawei.com>
Thread-Topic: Questions & suggstions to draft-pastor-i2nsf-vnsf-attestation-00
Thread-Index: AdFa6dZPY3cOkGxTRvK10yqlMgLXcgAAX9GAASg8JfAI+TvygA==
Date: Mon, 21 Mar 2016 12:57:24 +0000
Message-ID: <975015BA-3F01-4861-95C3-E29190ECA41C@telefonica.com>
References: <4A95BA014132FF49AE685FAB4B9F17F657DE48CA@dfweml701-chm> <0C9F4855-450C-4960-9CB5-1F31DA7E2088@telefonica.com> <4A95BA014132FF49AE685FAB4B9F17F657DE73C3@dfweml701-chm>
In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657DE73C3@dfweml701-chm>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: huawei.com; dkim=none (message not signed) header.d=none;huawei.com; dmarc=none action=none header.from=telefonica.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [176.84.211.64]
x-ms-office365-filtering-correlation-id: f3581d0d-6eda-49bd-3f9a-08d351885945
x-microsoft-exchange-diagnostics: 1; DB4PR06MB265; 5:/NnZ7HRh5lv8V2uCXT1t0a00G7KyUqNeQo/ptPnii1yTUQoXDynkO8TH9OZSdJ6jEICnla7fiRQHZnqCRZGXP1klHx6M6Id64qF/JY1SJ4WwbTJ1nt/JU95njrRna68+kW4t21zjTcZmklQmFA9uNw==; 24:PURCqgtVfUDSu9buiQlaXlQirD6eYyFXG5W7Pyhu7UE2igiqwO1ZLbs3j6Xtc4cEUtp4MOwF4Iki00aZDx/PaMhhlRRBC1dwkcOWpJ57y9s=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB4PR06MB265;
x-microsoft-antispam-prvs: <DB4PR06MB265945A02F39E9A427F00F5DF8F0@DB4PR06MB265.eurprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001); SRVR:DB4PR06MB265; BCL:0; PCL:0; RULEID:; SRVR:DB4PR06MB265;
x-forefront-prvs: 0888B1D284
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(52314003)(45984002)(377454003)(252514010)(24454002)(40134004)(36756003)(76176999)(82746002)(54356999)(50986999)(5008740100001)(86362001)(2906002)(19617315012)(87936001)(66066001)(10400500002)(83716003)(16236675004)(81166005)(1096002)(122556002)(33656002)(1220700001)(15975445007)(77096005)(189998001)(2900100001)(2950100001)(586003)(5002640100001)(5004730100002)(92566002)(230783001)(110136002)(19580405001)(102836003)(3846002)(11100500001)(19580395003)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB4PR06MB265; H:DB4PR06MB0624.eurprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_975015BA3F01486195C3E29190ECA41Ctelefonicacom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Mar 2016 12:57:24.2921 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR06MB265
X-OriginatorOrg: telefonica.com
X-TM-AS-GCONF: 00
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/pjKBYZumIHR160TbaL4ZCcGSDM4>
Cc: ANTONIO AGUSTIN PASTOR PERALES <antonio.pastorperales@telefonica.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>, Futianfu <futianfu@huawei.com>
Subject: Re: [I2nsf] Questions & suggstions to draft-pastor-i2nsf-vnsf-attestation-00
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 12:57:43 -0000
Hi Linda, When making the final updates to the new version of the draft I am about to upload I noticed I did not reply to this last comment of yours. The document considers different levels of assurance that can be requested by users. This level of assurance will determine how stringent the requirements for authentication (in both directions) and how detailed the collected measurements and their verification will be. I have included a mention to this in the draft as well. Be goode, On 4 Feb 2016, at 22:17 , Linda Dunbar <linda.dunbar@huawei.com<mailto:linda.dunbar@huawei.com>> wrote: Diego, Thank you very much for your explanation of the questions. A few more questions. The Trusted Computing Group has defined the Remote Attestation: to enable a remote system to determine the level of trust in the integrity of platform of another system (attestator). The architecture for remote attestation consists of two major components: Integrity measurement architecture and remote attestation protocol. Are you trying to apply what being defined by TCG RA to “Client <=> Controller” context? Or is the intent to identify the reasonable deployment scenarios, so that (lower cost) simplified procedures and protocols for remote attestation can be identified? For example, if all requests to controller have to be carried by the TCP session initiated by the trusted controller, remote attestation procedure can be simpler. Your opinion? Linda From: DIEGO LOPEZ GARCIA [mailto:diego.r.lopez@telefonica.com] Sent: Friday, January 29, 2016 5:18 PM To: Linda Dunbar Cc: ANTONIO AGUSTIN PASTOR PERALES; i2nsf@ietf.org<mailto:i2nsf@ietf.org> Subject: Re: Questions & suggstions to draft-pastor-i2nsf-vnsf-attestation-00 Hi Linda, Thanks for your comments. We are working in a new version and will try to address them in it, but let me make a few remarks inlined below… On 30 Jan 2016, at 24:07 , Linda Dunbar <linda.dunbar@huawei.com<mailto:linda.dunbar@huawei.com>> wrote: Section 1 provides a very good threat analysis for I2NSF environment. However, the solution (Section 5) only covers how “user” attest the “Controller”. Do you plan to expand the draft to cover all the security threats documented in the Section 1? DRL> We will try to expand the document to cover of the threats that can addressed by trust assessment on the platform and the NSFs, so we’ll make a note on which ones are in that category. I understand some of the issues described in the Section 1 is very difficult to solves. For example: An authorized user may misuse assigned privileges to alter the network traffic processing of other users in the virtualization platform… It is great to have those security threats documented. It would also be good to add a note when those issues are out of the scope of I2NSF. Another example: A user with physical access to the virtualization platform can modify the behavior of hardware components. (my note: This issue is true to all virtualized functions. There is also data leakage across different VNFs instantiated on the same physical servers. We should put a note that this is not something that IETF can address) DRL> This is a good suggestion. We’ll follow it Architecturally, there are two ways that users can use I2NSF: 1. Users can specify the “Service Layer Policies/rules” to the Security Controller. The Controller select the appropriate NSFs (virtual or physical) to enforce the “Service Policies” by passing down the “Capability Layer rules/policies”. 2. vNSFs are allocated to the Users. So the Users can send direct policies to its designated vNSFs via the Security Controller. Your draft covers the Case 2 above very well. Can you add some description to the Case 1 ? DRL> The selection of the appropriate NSFs is supposed to happen before the attestation procedures are applied, so I’d say this draft addresses the situation of both cases 1 and 2. Anyway, I see interesting to explore your suggestion, especially in case 1, that would require a rather intelligent controller... Some questions: Section 4.1.3: Secure Boot is applicable to any Hypervisors that host multiple VMs. Should it be out of scope for I2NSF? DRL> The specification of Secure Boot yes, but I consider a reference to its applicability necessary... Section 5.2: Does the controller measure the User's hardware & software components or measure its own HW&SW? DRL> The controller should measure the HW/SW on which the NSFs run, what we call the platform. We’ll try to make it clearer in the draft Section 5.3: Instantiation of vNSF to Container should be done by the lifecycle management of vNSF. The controller's job is only to pass policies. Is this your understanding too? DRL> Indeed, and this is connected with the discussion on the selection of the vNSFs above. We’ll try to make it clear in the draft Be goode, -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com> Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: diego.r.lopez@telefonica.com Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
- [I2nsf] Questions & suggstions to draft-pastor-i2… Linda Dunbar
- Re: [I2nsf] Questions & suggstions to draft-pasto… DIEGO LOPEZ GARCIA
- Re: [I2nsf] Questions & suggstions to draft-pasto… Linda Dunbar
- Re: [I2nsf] Questions & suggstions to draft-pasto… DIEGO LOPEZ GARCIA