[nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
刘鹏辉 <liupenghui1982@163.com> Thu, 10 October 2024 10:03 UTC
Return-Path: <liupenghui1982@163.com>
X-Original-To: nasr@ietfa.amsl.com
Delivered-To: nasr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E742C1D6FDA for <nasr@ietfa.amsl.com>; Thu, 10 Oct 2024 03:03:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.856
X-Spam-Level:
X-Spam-Status: No, score=-1.856 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=163.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HFpZRBx88MX2 for <nasr@ietfa.amsl.com>; Thu, 10 Oct 2024 03:03:57 -0700 (PDT)
Received: from m16.mail.163.com (m16.mail.163.com [220.197.31.3]) by ietfa.amsl.com (Postfix) with ESMTP id 40462C16941C for <nasr@ietf.org>; Thu, 10 Oct 2024 03:03:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=Date:From:Subject:Content-Type:MIME-Version: Message-ID; bh=aRHlqb6AjnTPufQaF/vOSS8F3djwTxIxlHcrT4iVWMk=; b=e jXl9k5eW03K7dioR4aArz+WqqrY3VNqI14l+XwgoM3hbUTyG+aZofJqnp7XdwOXP dTS625rWOK7aUkYol2xzjrDdYmRMXb24e8k6kkO2CGCN+sLYGs/VQtM3w5BsDTEY /Qx8Aq6C4+gl4AXWLyONq28FCerBsZJgKw5clXgZ5k=
Received: from liupenghui1982$163.com ( [120.237.18.57] ) by ajax-webmail-wmsvr-40-124 (Coremail) ; Thu, 10 Oct 2024 18:03:25 +0800 (CST)
X-Originating-IP: [120.237.18.57]
Date: Thu, 10 Oct 2024 18:03:25 +0800
From: 刘鹏辉 <liupenghui1982@163.com>
To: Luigi IANNONE <luigi.iannone=40huawei.com@dmarc.ietf.org>
X-Priority: 3
X-Mailer: Coremail Webmail Server Version XT5.0.14 build 20240801(9da12a7b) Copyright (c) 2002-2024 www.mailtech.cn 163com
In-Reply-To: <62295fad5a5f4fabb54f0e714b3038e3@huawei.com>
References: <17219.1722798809@obiwan.sandelman.ca> <202408091800065008405@chinamobile.com> <744c46d5.25b2.19149927bcb.Coremail.liupenghui1982@163.com> <ca7257d77709444a914c402f419ad0b0@huawei.com> <630665a9.436d.1914a2e2fc7.Coremail.liupenghui1982@163.com> <c15aa26cea984239baf9d2d96b6ed5a7@huawei.com> <ZvyK4n-BI9S-SF94@faui48e.informatik.uni-erlangen.de> <24175.1727974451@obiwan.sandelman.ca> <Zv7t5QNKYiBXkLYf@faui48e.informatik.uni-erlangen.de> <5925.1727990783@obiwan.sandelman.ca> <ZwAhzypyovggw3n0@faui48e.informatik.uni-erlangen.de> <51088332df184b1b90017a023b07a639@huawei.com> <CAA7e52rArVz8LKh_=50RPsLLkBO72BXAoab4L3gogP84OVg8Tw@mail.gmail.com> <fce93c3.2869.19274386add.Coremail.liupenghui1982@163.com> <62295fad5a5f4fabb54f0e714b3038e3@huawei.com>
X-CM-CTRLMSGS: tfEJzXRyYWNlS2V5PXByZV9jNjE3NDkxOGE2MDhjNWFkNjQ1MWE5MzNmNTkzO WNiYg==
X-NTES-SC: AL_Qu2ZCvmeu04r4ySaYOkfmkoQge03X8Kzvfwu1YVUNpp+jAvpwiY9W25SBEn928e0LiSomgmGczZj8MVfcoBkbYcB+1CGl/IBAhYAzpkFY0a+jA==
Content-Type: multipart/alternative; boundary="----=_Part_164173_857073481.1728554605439"
MIME-Version: 1.0
Message-ID: <298c3b35.aa50.19275e21b7f.Coremail.liupenghui1982@163.com>
X-Coremail-Locale: zh_CN
X-CM-TRANSID: fCgvCgDn79Ntpgdn+VwKAA--.31171W
X-CM-SenderInfo: xolx1v5qjk3xarzyjqqrwthudrp/xtbB0hJ0xmcHmmGV6gAIse
X-Coremail-Antispam: 1U5529EdanIXcx71UUUUU7vcSsGvfC2KfnxnUU==
Message-ID-Hash: CU27HVEL4GS7WIOMK6PTQIYGTYD6K27K
X-Message-ID-Hash: CU27HVEL4GS7WIOMK6PTQIYGTYD6K27K
X-MailFrom: liupenghui1982@163.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Jean-Michel Combes <jeanmichel.combes@gmail.com>, "Liuchunchi(Peter)" <liuchunchi=40huawei.com@dmarc.ietf.org>, Toerless Eckert <tte@cs.fau.de>, Michael Richardson <mcr+ietf@sandelman.ca>, Meiling Chen <chenmeiling@chinamobile.com>, "nasr@ietf.org" <nasr@ietf.org>
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: [nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/L9tn1OWU5IfvYPPoheRxxFj4VQc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nasr>
List-Help: <mailto:nasr-request@ietf.org?subject=help>
List-Owner: <mailto:nasr-owner@ietf.org>
List-Post: <mailto:nasr@ietf.org>
List-Subscribe: <mailto:nasr-join@ietf.org>
List-Unsubscribe: <mailto:nasr-leave@ietf.org>
Hi Luigi, Toerless etc said there may be stealth L2 device in-between routing as discussed in early emails... I mean If NASR is more on forwarding, not routing, then we will have a lot to discuss, such as forwarding content by more non-network external interfaces for multifunctional network devices. > "Hello NASRers, > >One of the topic that we can tackle on the mailing list and finalize during the interim is about the scope of NASR in particular about “Routing vs Forwarding”. > > During the BoF, several persons pointed out that we are not clear on whether NASR is about: > 1) Fowarding: being able to audit a path and obtain a proof of transit. Building the path being out of scope. > >2) Routing: This is forawarding + Building the path by distributing trust and reachability information. > >In my personal opinion I see NASR more on the forwarding side, hence focusing on the auditing tools. > >Extending routing solution to distribute relevant information for NASR to work can be done in the future and not necessarily in the NASR WG but as an extension of other protocols, hence in > their respective WGs. > >Anyone to share more thoughts on this point? > >L. >-- >nasr mailing list -- nasr@ietf.org" At 2024-10-10 17:37:22, "Luigi IANNONE" <luigi.iannone=40huawei.com@dmarc.ietf.org> wrote: Hi Penghui, As for renaming the group, IMO we need first to clearly define the scope and target and then we can check if NASR is still a meaningful name. As for the external device interface, can you elaborate a bit your point? It is not clear to me what you mean. Thanks Ciao L. From:刘鹏辉 <liupenghui1982@163.com> Sent: Thursday, 10 October 2024 04:18 To: Jean-Michel Combes <jeanmichel.combes@gmail.com> Cc: Liuchunchi(Peter) <liuchunchi=40huawei.com@dmarc.ietf.org>; Toerless Eckert <tte@cs.fau.de>; Michael Richardson <mcr+ietf@sandelman.ca>; Meiling Chen <chenmeiling@chinamobile.com>; nasr@ietf.org; Luigi IANNONE <luigi.iannone@huawei.com> Subject: Re:[nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120 Hi, If NASR is more on forwarding, not only routing, the naming of NASR may need to rename? BTW, wether we need to consider external device interface forwarding security? just like in DVB CI-PLUS, USB,CI, HDMI, AV, spdif etc, Many network devices nowadays are multifunctional machines. BR, Penghui liu At 2024-10-09 19:03:24, "Jean-Michel Combes" <jeanmichel.combes@gmail.com> wrote: Hi, IETF has already standardized protocols doing only _assumptions_ (i.e., no way to check the reality) on security rules regarding the boundary of the domain where such protocols are deployed: - SFC [RFC8300, section 8.1] "In summary, packets originating outside the SFC-enabled domain MUST be dropped if they contain an NSH. Similarly, packets exiting the SFC-enabled domain MUST be dropped if they contain an NSH." - RPL [RFC6554, section 5.1] "As specified in this document, RPL routers MUST drop datagrams entering or exiting a RPL routing domain that contain an SRH in the IPv6 Extension headers." - SRv6 [RFC8402, section 8.2] "SR domain boundary routers MUST filter any external traffic destined to an address within the SRGB of the trusted domain or the SRLB of the specific boundary router. External traffic is any traffic received from an interface connected to a node outside the domain of trust. From a network-protection standpoint, there is an assumed trust model such that any node adding an SRH to the packet is assumed to be allowed to do so. Therefore, by default, the explicit routing information MUST NOT be leaked through the boundaries of the administered domain. Segment Routing extensions that have been defined in various protocols, leverage the security mechanisms of these protocols such as encryption, authentication, filtering, etc." Can NASR help to transform such _assumptions_ into _proofs_ and, so, to "achieve" (for the security part) the IETF works done on these protocols? BTW, this is just a list of protocols I am aware of ... maybe others exist with the same _assumptions_ ... Thanks in advance for your replies. Best regards, JMC. Le mar. 8 oct. 2024 à 12:31, Liuchunchi(Peter) <liuchunchi=40huawei.com@dmarc.ietf.org> a écrit : just got back from a national holiday, sorry about the delays using filtering policies to control the dissemination border of security sensitive content is very good to have (and maybe is what we wanted in the first place), but as michael and luigi mentioned, the inability to completely eliminate L2 stealth nodes makes the work less exciting. But what we can do is, based on basic RATS methods, under certain trust assumptions, create a protocol to produce auditable forwarding evidence, which proves the device trustworthiness, execution logs, link security methods used, etc (exact items may be what we have to decide) when certain flow or packets are forwarded. In this way, it appears the more cost-efficient choice (for now, the first step) might be operation-centric forwarding auditing of above information, compact proof creation and visualization. This works as a tool that just objectively verifies and audits forwarding. Just thinking :P > -----Original Message----- > From: Toerless Eckert <tte@cs.fau.de> > Sent: Saturday, October 5, 2024 1:12 AM > To: Michael Richardson <mcr+ietf@sandelman.ca> > Cc: Liuchunchi(Peter) <liuchunchi@huawei.com>; =?us- > ascii?B?PT91dGYtOD9CPzVZaVk2Ym1QNkw2Sj89?= > <liupenghui1982@163.com>; Meiling Chen <chenmeiling@chinamobile.com>; > nasr@ietf.org > Subject: Re: [nasr] Re: 回复: Re: Secure Routing Path Consideration- China > Mobile-ietf120 > > On Thu, Oct 03, 2024 at 05:26:23PM -0400, Michael Richardson wrote: > > > > Toerless Eckert <tte@cs.fau.de> wrote: > > > But avoidance of copying of traffic by undesired third parties if course a > core > > > benefit that NASR can provide. And those prior examples can provide > examples of > > > the attack vectors why that is undesirable. Even with todays easily > available > > > end-to-end encryption. > > > > NASR can not provide any kind of avoidance of copying! > > I meant indirectly by being a way to ensure traffic paths that are expected to > make copying & decryption hard...impossible.... or possible by the "right" > people ;-) > > > (To do that you'd need quantum entangled links of the kind the QIRG is > > contemplating) > > Nice point actually. I remember Huawei was in the past a big fan of quantum > entangled links (last data point 2018). Cryptographers of course are always > dismissive (somewhat of a competition). And the visit in Yokohama to the > quantum research lab on friday was all about allowing entanglement to > actually go across longer paths. > > So i would certainly like to consider the continuuom of different methods to > protect links and nodes as part of a NASR architecture. > > Of course, i would foremost point to the added crypto value of hop-by-hop > encryption as opposed to only end-to-end encrypion, because of the higher > cost of crypto attacks - especially when you combine it with load distribution > across different paths. > > > What NASR can do is provide assurance that when you have such links, that: > > a) there are no stealth routers in the path. > > Depending on the technologies we emply in NAS, your could still have a > stealth L2 device though. Which by the way is a common way how firewalls > operate. > > > b) that the two sides of each QIRG link are operating nominally. > > Right. > > Cheers > Toerless > > > > But maybe much simpler: nation state actors have the means to extract > and even decrypt > > > end-to-end traffic. But if they can not see the traffic because it does not > run across > > > the paths desired by them, because they pass their network taps - then > > > they can't do that. > > > > yes. > > > > -- > > Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) > > Sandelman Software Works Inc, Ottawa and Worldwide > > > > > > > > > > > > -- > --- > tte@cs.fau.de -- nasr mailing list -- nasr@ietf.org To unsubscribe send an email to nasr-leave@ietf.org
- [nasr] Secure Routing Path Consideration- China M… Meiling Chen
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi Iannone
- [nasr] Re: Secure Routing Path Consideration- Chi… 刘鹏辉
- [nasr] 回复: Re: Secure Routing Path Consideration-… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] 回复: Re: 回复: Re: Secure Routing Path Consid… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… junzhang
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi Iannone
- [nasr] Re: Secure Routing Path Consideration- Chi… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Yutaka OIWA
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Henk Birkholz
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Meiling Chen
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi Iannone
- [nasr] Re: Secure Routing Path Consideration- Chi… Liuchunchi(Peter)
- [nasr] Re: Secure Routing Path Consideration- Chi… Meiling Chen
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: Secure Routing Path Consideration- Chi… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes