[nasr] Re: Secure Routing Path Consideration- China Mobile-ietf120

Luigi Iannone <ggx@gigix.net> Mon, 14 October 2024 12:28 UTC

From: Luigi Iannone <ggx@gigix.net>
Date: Mon, 14 Oct 2024 14:27:50 +0200
In-Reply-To: <f1cd3cd20a3b41f4b847ec586097ca8d@huawei.com>
To: "Liuchunchi(Peter)" <liuchunchi=40huawei.com@dmarc.ietf.org>
CC: Meiling Chen <chenmeiling@chinamobile.com>, Henk Birkholz <henk.birkholz@ietf.contact>, Luigi IANNONE <luigi.iannone@huawei.com>, Jean-Michel Combes <jeanmichel.combes@gmail.com>, Toerless Eckert <tte@cs.fau.de>, Michael Richardson <mcr+ietf@sandelman.ca>, 刘鹏辉 <liupenghui1982@163.com>, nasr <nasr@ietf.org>
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/HxM2sHFbQ4t67fAYF0BNEY6Iua4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nasr>

Hi All,

It seems that we converge to “L2 out of scope”.

Let’s take it a bit further… ;-)

End-to-end encryption for privacy/security is out of scope.

What we need to protect is that no-one can mangle with the auditing result.
We have to provide the tools that allow to audit the path and to have a proof of transit, but NASR will not design payload encryption solutions.

Can we agree on this?

Ciao

L.

> On 14 Oct 2024, at 08:10, Liuchunchi(Peter) <liuchunchi=40huawei.com@dmarc.ietf.org> wrote:
> 
> +1
>  
> From: Meiling Chen <chenmeiling@chinamobile.com> 
> Sent: Monday, October 14, 2024 11:27 AM
> To: Henk Birkholz <henk.birkholz@ietf.contact>; Liuchunchi(Peter) <liuchunchi@huawei.com>; Luigi IANNONE <luigi.iannone@huawei.com>; Jean-Michel Combes <jeanmichel.combes@gmail.com>
> Cc: Toerless Eckert <tte@cs.fau.de>; Michael Richardson <mcr+ietf@sandelman.ca>; 刘鹏辉 <liupenghui1982@163.com>; nasr@ietf.org
> Subject: Re: [nasr] Re: Reply: Re: Secure Routing Path Consideration- China Mobile-ietf120
>  
> Hi Henk,
>  
> Agree with you.
> We assumed that L2 was not in the scope, but if there is confusion, it is necessary to explicitly state it in the Charter.
>  
> Best,
> Meiling
>  
> From: Henk Birkholz <mailto:henk.birkholz@ietf.contact>
> Sent: 2024-10-11 20:44
> To: Liuchunchi(Peter) <mailto:liuchunchi=40huawei.com@dmarc.ietf.org>; Luigi IANNONE <mailto:luigi.iannone=40huawei.com@dmarc.ietf.org>; Jean-Michel Combes <mailto:jeanmichel.combes@gmail.com>
> Cc: Toerless Eckert <mailto:tte@cs.fau.de>; Michael Richardson <mailto:mcr+ietf@sandelman.ca>; 刘鹏辉 <mailto:liupenghui1982@163.com>; Meiling Chen <mailto:chenmeiling@chinamobile.com>; nasr@ietf.org <mailto:nasr@ietf.org>
> Subject: [nasr] Re: Reply: Re: Secure Routing Path Consideration- China Mobile-ietf120
> Amplifying on that statement, layer2 taps/outlets seems to be
> out-of-scope. Is that a kind of clarifying baseline agreement?
>  
> On 10.10.24 09:04, Liuchunchi(Peter) wrote:
> > proof-of-non-transit, very hard to achieve
>  