[nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
Toerless Eckert <tte@cs.fau.de> Fri, 04 October 2024 18:42 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: nasr@ietfa.amsl.com
Delivered-To: nasr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89BE1C14F5E6 for <nasr@ietfa.amsl.com>; Fri, 4 Oct 2024 11:42:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.343
X-Spam-Level:
X-Spam-Status: No, score=0.343 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, URI_DOTEDU=1.999] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zJ5EZrXmmUrH for <nasr@ietfa.amsl.com>; Fri, 4 Oct 2024 11:42:22 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1A48C14F603 for <nasr@ietf.org>; Fri, 4 Oct 2024 11:42:22 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [131.188.34.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTPS id 4XKy8B3Bqsz1R6gW; Fri, 4 Oct 2024 20:42:18 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id 4XKy8B2MvvzkxTQ; Fri, 4 Oct 2024 20:42:18 +0200 (CEST)
Date: Fri, 04 Oct 2024 20:42:18 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: junzhang <junzhang1@huawei.com>
Message-ID: <ZwA3Cq1bu54Y3fXI@faui48e.informatik.uni-erlangen.de>
References: <202408091800065008405@chinamobile.com> <744c46d5.25b2.19149927bcb.Coremail.liupenghui1982@163.com> <ca7257d77709444a914c402f419ad0b0@huawei.com> <630665a9.436d.1914a2e2fc7.Coremail.liupenghui1982@163.com> <c15aa26cea984239baf9d2d96b6ed5a7@huawei.com> <ZvyK4n-BI9S-SF94@faui48e.informatik.uni-erlangen.de> <24175.1727974451@obiwan.sandelman.ca> <Zv7t5QNKYiBXkLYf@faui48e.informatik.uni-erlangen.de> <5925.1727990783@obiwan.sandelman.ca> <bcb2832ba5f24192be84c5c596ae41dd@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <bcb2832ba5f24192be84c5c596ae41dd@huawei.com>
Message-ID-Hash: OBPKWLNVY32RRCG673LCYXQYUW7YJHIP
X-Message-ID-Hash: OBPKWLNVY32RRCG673LCYXQYUW7YJHIP
X-MailFrom: eckert@i4.informatik.uni-erlangen.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "Liuchunchi(Peter)" <liuchunchi@huawei.com>, 刘鹏辉 <liupenghui1982@163.com>, Meiling Chen <chenmeiling@chinamobile.com>, "nasr@ietf.org" <nasr@ietf.org>
X-Mailman-Version: 3.3.9rc5
Precedence: list
Subject: [nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/LulH0Ta44dIF9PxVUuLw_LDdiLQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nasr>
List-Help: <mailto:nasr-request@ietf.org?subject=help>
List-Owner: <mailto:nasr-owner@ietf.org>
List-Post: <mailto:nasr@ietf.org>
List-Subscribe: <mailto:nasr-join@ietf.org>
List-Unsubscribe: <mailto:nasr-leave@ietf.org>
Interesting, Junzhan, thanks I think all the concepts of security for data at rest are useful to look at as an adjacency and "steal" useful concepts. But likewise i would think that keeping data at rest out of scope for NASR is one simple way to constrain the scope. What i think will be of interest is to figure out what the most simple modelling of the different degrees of security is for NASR. "Secure Nodes" of course are a key aspect to make NASR useful, aka: If you would create any form of signature from a key pair thats easily accessed by hackers, then it's at best NAsR ;-) In this context (trusted devices), there is definitely the interesting evolution from "destroy the hardware" over "zero the data" to "store encrypted, delete the keys". and each of these steps adds convenience, but increases also risk of new insecurities. To avoid scope creep it would be good to figure out how we can call the maximum amount of those details "problems of other people", but of course, as soon as one thinks of operationalizing NASR, those topics can't be avoided. And the device level requirements against a trustworthy NASR implementation are IMHO as important as the on-the-wire ones. Typically that would worry me in the IETF because it's full of on-the-wire-centric folks, but luckily there are also enough security people to understand that we need to specify security requirements well to meet the expected security requirements of a solution. There was also an interesting side meeting at IETF120 about TPMs... Cheers Toerless On Fri, Oct 04, 2024 at 08:38:02AM +0000, junzhang wrote: > Dear Michael and Toerless, > > In the cloud computing area, there is a concept called assured deletion, that is, to give a proof that after the data is removed from the cloud, and no one else can access it again. One typical approach to realize it is > (1) encrypt the data such that it is computationally prohibitive to decrypt the data without the decryption key, > then (2) store the encrypted data in the cloud while keeping the decryption key secure, > and finally (3) securely delete the encryption key. > > https://cdn.stmarytx.edu/wp-content/uploads/2020/10/Cloud-Storage-Assured-Deletion-Considerations-and-Schemes.pdf > > Is it related to the avoidance of copying traffic that you have discussed? > Yours, > Jun Zhang > > -----Original Message----- > From: Michael Richardson <mcr+ietf@sandelman.ca> > Sent: Thursday, October 3, 2024 11:26 PM > To: Toerless Eckert <tte@cs.fau.de> > Cc: Liuchunchi(Peter) <liuchunchi@huawei.com>; =?us-ascii?B?PT91dGYtOD9CPzVZaVk2Ym1QNkw2Sj89?= <liupenghui1982@163.com>; Meiling Chen <chenmeiling@chinamobile.com>; nasr@ietf.org > Subject: [nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120 > > > Toerless Eckert <tte@cs.fau.de> wrote: > > But avoidance of copying of traffic by undesired third parties if course a core > > benefit that NASR can provide. And those prior examples can provide examples of > > the attack vectors why that is undesirable. Even with todays easily available > > end-to-end encryption. > > NASR can not provide any kind of avoidance of copying! > (To do that you'd need quantum entangled links of the kind the QIRG is contemplating) > > What NASR can do is provide assurance that when you have such links, that: > a) there are no stealth routers in the path. > b) that the two sides of each QIRG link are operating nominally. > > > But maybe much simpler: nation state actors have the means to extract and even decrypt > > end-to-end traffic. But if they can not see the traffic because it does not run across > > the paths desired by them, because they pass their network taps - then > > they can't do that. > > yes. > > -- > Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > > > > -- --- tte@cs.fau.de
- [nasr] Secure Routing Path Consideration- China M… Meiling Chen
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi Iannone
- [nasr] Re: Secure Routing Path Consideration- Chi… 刘鹏辉
- [nasr] 回复: Re: Secure Routing Path Consideration-… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] 回复: Re: 回复: Re: Secure Routing Path Consid… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… junzhang
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi Iannone
- [nasr] Re: Secure Routing Path Consideration- Chi… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Toerless Eckert
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Yutaka OIWA
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Henk Birkholz
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Michael Richardson
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Liuchunchi(Peter)
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Meiling Chen
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi Iannone
- [nasr] Re: Secure Routing Path Consideration- Chi… Liuchunchi(Peter)
- [nasr] Re: Secure Routing Path Consideration- Chi… Meiling Chen
- [nasr] Re: Secure Routing Path Consideration- Chi… Luigi IANNONE
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… 刘鹏辉
- [nasr] Re: Secure Routing Path Consideration- Chi… Meiling Chen
- [nasr] Re: 回复: Re: Secure Routing Path Considerat… Jean-Michel Combes