[nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 10 October 2024 19:52 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: nasr@ietfa.amsl.com
Delivered-To: nasr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B1BBC1519AF for <nasr@ietfa.amsl.com>; Thu, 10 Oct 2024 12:52:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id faxwMUBuYU9f for <nasr@ietfa.amsl.com>; Thu, 10 Oct 2024 12:52:12 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1018C15106B for <nasr@ietf.org>; Thu, 10 Oct 2024 12:52:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 1BCE31800D; Thu, 10 Oct 2024 15:52:11 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavis, port 10024) with LMTP id 4euVTKIh3oqy; Thu, 10 Oct 2024 15:52:09 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1728589929; bh=7m6OwWEr61OjLJZIZBAvlcLxeCI9bs3MqnUg4A4uhvo=; h=From:To:cc:Subject:In-Reply-To:References:Date:From; b=Ak2t8OY+4EXSgFh91J2Q/4bgwqI8N1bl0N1j8MSH1cUv4c156Akh4e/7+1h/nHdDN sBeMLuTbziGmewZZU5ep+/4PQZb5RSI6aJHgzqbttjx8pMfkCavqrXovfskuVdAdu8 FzlIX97TI1kfdNj788BnpfpgncnAw97ZG6RJChunYUF1YEYXghv6GljBlTYL41d65O eTH793MgHCkAXwxC8xLaMF0twTi1jIxjiP5pWMtbFwNdNweweA8FjfMEFYXGvkTKZK OsH7tfwW2G/8MwN+/d+aw24x9Q4d9KJTiH9G3W678NbxGinYqSDQVhyE9PvPxe8ttc ZaN51MLf56jWQ==
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 3E08D1800C; Thu, 10 Oct 2024 15:52:09 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 3937E2C1; Thu, 10 Oct 2024 15:52:09 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: =?UTF-8?B?5YiY6bmP6L6J?= <liupenghui1982@163.com>
In-Reply-To: <298c3b35.aa50.19275e21b7f.Coremail.liupenghui1982@163.com>
References: <17219.1722798809@obiwan.sandelman.ca> <202408091800065008405@chinamobile.com> <744c46d5.25b2.19149927bcb.Coremail.liupenghui1982@163.com> <ca7257d77709444a914c402f419ad0b0@huawei.com> <630665a9.436d.1914a2e2fc7.Coremail.liupenghui1982@163.com> <c15aa26cea984239baf9d2d96b6ed5a7@huawei.com> <ZvyK4n-BI9S-SF94@faui48e.informatik.uni-erlangen.de> <24175.1727974451@obiwan.sandelman.ca> <Zv7t5QNKYiBXkLYf@faui48e.informatik.uni-erlangen.de> <5925.1727990783@obiwan.sandelman.ca> <ZwAhzypyovggw3n0@faui48e.informatik.uni-erlangen.de> <51088332df184b1b90017a023b07a639@huawei.com> <CAA7e52rArVz8LKh_=50RPsLLkBO72BXAoab4L3gogP84OVg8Tw@mail.gmail.com> <fce93c3.2869.19274386add.Coremail.liupenghui1982@163.com> <62295fad5a5f4fabb54f0e714b3038e3@huawei.com> <298c3b35.aa50.19275e21b7f.Coremail.liupenghui1982@163.com>
X-Mailer: MH-E 8.6+git; nmh 1.8+dev; GNU Emacs 28.2
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0;<'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 10 Oct 2024 15:52:09 -0400
Message-ID: <780.1728589929@obiwan.sandelman.ca>
Message-ID-Hash: FDSVRNQR3NWG6V6PUIXPNA3VLDUOYOV2
X-Message-ID-Hash: FDSVRNQR3NWG6V6PUIXPNA3VLDUOYOV2
X-MailFrom: mcr+ietf@sandelman.ca
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Luigi IANNONE <luigi.iannone=40huawei.com@dmarc.ietf.org>, Jean-Michel Combes <jeanmichel.combes@gmail.com>, "Liuchunchi(Peter)" <liuchunchi=40huawei.com@dmarc.ietf.org>, Toerless Eckert <tte@cs.fau.de>, Meiling Chen <chenmeiling@chinamobile.com>, "nasr@ietf.org" <nasr@ietf.org>
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: [nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/95h-NxxXCsb2lcMLeA7Mloo6OkQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nasr>
List-Help: <mailto:nasr-request@ietf.org?subject=help>
List-Owner: <mailto:nasr-owner@ietf.org>
List-Post: <mailto:nasr@ietf.org>
List-Subscribe: <mailto:nasr-join@ietf.org>
List-Unsubscribe: <mailto:nasr-leave@ietf.org>
刘鹏辉 <liupenghui1982@163.com> wrote: > Toerless etc said there may be stealth L2 device in-between routing as > discussed in early emails... Yes. There may also be bent fibre. https://en.wikipedia.org/wiki/Fiber_tapping That's the same. We can't prevent it, and may be unable to detect it, (short of quantum entangled methods). It presents a capture-now-decrypt-later attack. However, 1) We can encrypt everything (MACsec) 2) we can determine the trustworthiness of the end-points 3) we can pick paths where the fibre does not go through adversarial or insecure routes. We can prove where traffic went, but we can not prove where traffic did not go. -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- [nasr] Secure Routing Path Consideration- China M… Meiling Chen
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi Iannone
- [nasr] Re: Secure Routing Path Consideration- Chi… 刘鹏辉
- [nasr] 回复: Re: Secure Routing Path Consideration-… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] 回复: Re: 回复: Re: Secure Routing Path Consid… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… junzhang
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi Iannone
- [nasr] Re: Secure Routing Path Consideration- Chi… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Yutaka OIWA
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Henk Birkholz
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Meiling Chen
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi Iannone
- [nasr] Re: Secure Routing Path Consideration- Chi… Liuchunchi(Peter)
- [nasr] Re: Secure Routing Path Consideration- Chi… Meiling Chen
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: Secure Routing Path Consideration- Chi… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes