[nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Follow-Up
Meiling Chen <chenmeiling@chinamobile.com> Thu, 29 May 2025 06:55 UTC
Return-Path: <chenmeiling@chinamobile.com>
X-Original-To: nasr@mail2.ietf.org
Delivered-To: nasr@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 54D922E3A838; Wed, 28 May 2025 23:55:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -0.097
X-Spam-Level:
X-Spam-Status: No, score=-0.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.001, HDRS_MISSP=2.499, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sOAyzTsOxVdP; Wed, 28 May 2025 23:55:12 -0700 (PDT)
Received: from cmccmta1.chinamobile.com (cmccmta6.chinamobile.com [111.22.67.139]) by mail2.ietf.org (Postfix) with ESMTP id C4C5B2E3A832; Wed, 28 May 2025 23:55:06 -0700 (PDT)
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from spf.mail.chinamobile.com (unknown[10.188.0.87]) by rmmx-syy-dmz-app01-12001 (RichMail) with SMTP id 2ee1683804c29de-15337; Thu, 29 May 2025 14:55:05 +0800 (CST)
X-RM-TRANSID: 2ee1683804c29de-15337
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from CMCC-PC (unknown[10.2.53.48]) by rmsmtp-syy-appsvr02-12002 (RichMail) with SMTP id 2ee2683804c78f2-84fa2; Thu, 29 May 2025 14:55:04 +0800 (CST)
X-RM-TRANSID: 2ee2683804c78f2-84fa2
MIME-Version: 1.0
x-PcFlag: db8a9619-3c0c-4820-a4b2-305c85e1d3fe_5_2186
X-Mailer: PC_RICHMAIL 2.9.56
Date: Thu, 29 May 2025 14:55:03 +0800
From: Meiling Chen <chenmeiling@chinamobile.com>
To: Eric Rescorla <ekr@rtfm.com>, "Liuchunchi(Peter)" <liuchunchi@huawei.com>
Message-ID: <2025052914550322834087@chinamobile.com>
Content-Type: multipart/Alternative; boundary="----=_001_NextPart22834087_=----"
Message-ID-Hash: TLYHUL3H7LYG3AEZMLLBJWJJ7QKEUISZ
X-Message-ID-Hash: TLYHUL3H7LYG3AEZMLLBJWJJ7QKEUISZ
X-MailFrom: chenmeiling@chinamobile.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Luigi IANNONE <luigi.iannone@huawei.com>, Toerless Eckert <tte@cs.fau.de>, nasr <nasr@ietf.org>, IETF SAAG <saag@ietf.org>, Luigi Iannone <ggx@gigix.net>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Follow-Up
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/L3MC0txhrQFMeOWX0JZngqIxyW4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nasr>
List-Help: <mailto:nasr-request@ietf.org?subject=help>
List-Owner: <mailto:nasr-owner@ietf.org>
List-Post: <mailto:nasr@ietf.org>
List-Subscribe: <mailto:nasr-join@ietf.org>
List-Unsubscribe: <mailto:nasr-leave@ietf.org>
Hi Eric, Your reply has left me very confused, please see inline. 发件人: Eric Rescorla 时间: 2025/05/29(星期四)11:00 收件人: Liuchunchi(Peter); 抄送人: Meiling Chen;Luigi IANNONE;Toerless Eckert;nasr;IETF SAAG;Luigi Iannone; 主题: Re: [saag] Re: [nasr] Re: Re: Re: Re: NASR BOF Follow-Up On Wed, May 28, 2025 at 7:32 PM Liuchunchi(Peter) <liuchunchi@huawei.com> wrote: Okay I think there is some minor confusion here… 1. The router in question would forward/has forwarded specific traffic classes on specific links and not others. [LI] Nope. NASR is not about forwarding on specific links. It is about being able to proof that traffic went through a certain set of devices that fulfil a set of claims (or requirements if you wish…). 2. That specific traffic classes would be/had been encrypted using MACSEC. [LI] Nope. (as I state in a previous mail) this is orthogonal to NASR. Whether you want to use it is not part of the NASR problem statement. “A five tuple flow X use encrypted links“ IS a claim at device level. It is attestable by aggregating the evidences (configurations of all devices on path) and be inspected by the verifier. Well, that's precisely the question I think needs to be examined. To take your example, suppose that we have elements A and B which have an IPsec tunnel between them, and we want to know that all traffic with a given 5-tuple will therefore be protected on that link. How do we go about doing that by looking at the configuration directives? [Meiling] I'm a little curious why we've been stuck in the quagmire of end-to-end security. From A to B, as long as both A and B support IPsec, it is sufficient. When establishing a IPsec tunnel between A and B, there is no concern for the status of each node along the way, only mutual communication is required. I guess the question you raised is how to ensure the security status of each node(exlude A and B) in the forwarding path after IPsec has established a secure tunnel, So when checking the configuration directives, are they for A and B, or for forwarding nodes along the path? The obvious place to start is by looking at the IPsec configuration to see which traffic should be sent over the tunnel. This is necessary but not sufficient. For instance, suppose that IPsec is configured to use AH not ESP, so it's not encrypted? So, we need to examine which IPsec modes are in use and which transport ciphers they use. [Meiling] The end-to-end security negotiation is not directly related to the network, IPsec is configued to use AH or ESP is decided by Customers, and usually deployed on user owned nodes, right? Similarly, IKE might be configured with some kind of insecure key establishment mode, so we need to look at the IKE key establishment configuration. Further, we need to look at IKE authentication. Does it use PKI or a shared key? Is that shared key actually being handled securely, or is it a short password everyone knows? [Meiling]So do you mean to monitor the SA and Auth interactions of the entire IKE? This may well not be an exhaustive list, because I haven't thought about all the ways things can be misconfigured, even for a comparatively trivial property like this. -Ekr From: Meiling Chen <chenmeiling@chinamobile.com> Sent: Thursday, May 29, 2025 9:27 AM To: Luigi IANNONE <luigi.iannone@huawei.com>; Eric Rescorla <ekr@rtfm.com> Cc: Toerless Eckert <tte@cs.fau.de>; nasr <nasr@ietf.org>; IETF SAAG <saag@ietf.org>; Luigi Iannone <ggx@gigix.net> Subject: [saag] Re: [nasr] Re: Re: Re: Re: NASR BOF Follow-Up Hi, I think Luigi's reply is completely in line with the original intention. Best, Meiling 发件人: Luigi IANNONE 时间: 2025/05/27(星期二)15:46 收件人: Eric Rescorla;Meiling Chen; 抄送人: Watson Ladd;Henk Birkholz;Liuchunchi;Toerless Eckert;nasr;IETF SAAG;Luigi Iannone; 主题: RE: Re: [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up HI, I think there is a bit of a misunderstanding … The BOF presented a number of problems that allegedly NASR was trying to solve, including that: 1. The router in question would forward/has forwarded specific traffic classes on specific links and not others. [LI] Nope. NASR is not about forwarding on specific links. It is about being able to proof that traffic went through a certain set of devices that fulfil a set of claims (or requirements if you wish…). Attesting that the set of devices fulfils the requirements is done by extending the RATS technology. Proving that the traffic did go through those devices is done a proof of transit technology for which there are a couple of early ideas documented. 2. That specific traffic classes would be/had been encrypted using MACSEC. [LI] Nope. (as I state in a previous mail) this is orthogonal to NASR. Whether you want to use it is not part of the NASR problem statement. NASR represents one specific proposal for addressing these problems, which is to attest to the code and configuration running on specific network elements. So, yes, a system like NASR needs to establish that the code and configuration guarantees these properties in order to address the stated problem. [LI] You do not need that level of granularity. It's certainly not sufficient to demonstrate that the device simply supports MACSEC, because it might be disabled. If you think there is some other set of problems that need to be solved, and that these don't need to be then I think you need to state that more clearly. [LI] Agreed. We certainly need to do more work in clarifying the problem and possible solution space. The ongoing exchange in very helpful in this sense. Thanks Ciao L. -Ekr
- [nasr] NASR BOF Follow-Up Liuchunchi(Peter)
- [nasr] Re: [saag] NASR BOF Follow-Up Meiling Chen
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Richard Barnes
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Michael Richardson
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Luigi IANNONE
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Meiling Chen
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up 刘鹏辉
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Toerless Eckert
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Watson Ladd
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Liuchunchi(Peter)
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Michael Richardson
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Liuchunchi(Peter)
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Richard Barnes
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Watson Ladd
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Toerless Eckert
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Toerless Eckert
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Watson Ladd
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Toerless Eckert
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Toerless Eckert
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Watson Ladd
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Michael Richardson
- [nasr] Summary of Discussions So far---Re: [saag]… Meiling Chen
- [nasr] Re: Summary of Discussions So far---Re: [s… Luigi IANNONE
- [nasr] Re: Summary of Discussions So far---Re: [s… Meiling Chen
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Meiling Chen
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Watson Ladd
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Luigi IANNONE
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Meiling Chen
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Liuchunchi(Peter)
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Toerless Eckert
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Meiling Chen
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Toerless Eckert
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Henk Birkholz
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Meiling Chen
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Luigi IANNONE
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Meiling Chen
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Stephen Farrell
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Luigi IANNONE
- [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up Liuchunchi(Peter)
- [nasr] Re: [saag] Re: NASR BOF Follow-Up Toerless Eckert
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Liuchunchi(Peter)
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Eric Rescorla
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Meiling Chen
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Adrian Farrel
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Luigi IANNONE
- [nasr] Re: [saag] Re: Re: Re: Re: Re: NASR BOF Fo… Eric Rescorla
- [nasr] Re: [saag] Re: Re: NASR BOF Follow-Up Carsten Bormann