[nasr] Re: [saag] Re: NASR BOF Follow-Up

Henk Birkholz <henk.birkholz@ietf.contact> Fri, 11 April 2025 18:50 UTC

Return-Path: <henk.birkholz@ietf.contact>
X-Original-To: nasr@mail2.ietf.org
Delivered-To: nasr@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 959E81ADDFB2; Fri, 11 Apr 2025 11:50:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.173
X-Spam-Level:
X-Spam-Status: No, score=-4.173 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.374, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=ietf.contact
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1FX5lumg77oH; Fri, 11 Apr 2025 11:50:27 -0700 (PDT)
Received: from smtp04-ext3.udag.de (smtp04-ext3.udag.de [62.146.106.41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id DF1091ADDFA8; Fri, 11 Apr 2025 11:50:26 -0700 (PDT)
Received: from [IPV6:2a01:599:70e:2547:9109:a3af:4961:cdb4] (tmo-126-220.customers.d1-online.com [80.187.126.220]) by smtp04-ext3.udag.de (Postfix) with ESMTPA id ACE1AE02F6; Fri, 11 Apr 2025 20:50:19 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ietf.contact; s=uddkim-202310; t=1744397425; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Z7VK3YNwKA/KMPFTTYvQXMv69kZWpLI5yUJSbAYTheY=; b=VmfHXMu7IR8nRDImMTB6LJ3YXu8IIem9iDMBQn5b921LUCXVAwoip9mkFGrrqTP3reWP36 V5Dq0lRbIFcm9AgyfMpNCp815aXr6wK2b+g+RHsqB7wL5S9Gcw3035/m59+2PiZLhsKhns u0YH413CPhm5wdHkzL6Xj/dgVggppH2CARNGFESkEWZOc+nt+qhYYR5rYXTDECBowmDhkF A3GtPNMW5po/c4S2yK8JjJqGggepbc4ovPMfm+RcGRePnIrLv+OFsjKqDBmZj4YiFV5bpf sRBZaIfJObqvyOdxo3T2iTSod0BHuqVmAAieF+x04zNjZpkKOhErUQYdXuIMVw==
Message-ID: <ee313d5a-967b-c434-804c-097e4777ca20@ietf.contact>
Date: Fri, 11 Apr 2025 20:50:18 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0
Content-Language: en-US
To: Eric Rescorla <ekr@rtfm.com>
References: <ef08bf0afa924713acc629dff8156761@huawei.com> <2025040312042771743841@chinamobile.com> <CAL02cgSg53nOB8BCSNCLGC78r41P_1VzBPoj2yOJP1qbS0jqfA@mail.gmail.com> <CABcZeBPFaJMsWyNozXS+osh251631vCStkrmOk=WQig5c1_0qw@mail.gmail.com> <87c61c52-839f-f66e-a66a-b737f01ca93f@ietf.contact> <CABcZeBMOvFXkQ2OFBpz2Ri5_Oz-pHGs=2fHvBNptOdjQy9F7ww@mail.gmail.com> <11730e71-f409-bbaf-9bc1-4f88d207bcab@ietf.contact> <CABcZeBMDg9cFGtf6AMwSiq3ZnZnrvwoAc7TjD0Ftq-JC8jWusQ@mail.gmail.com> <d3de69d6-f46b-fe0c-b6dc-8180864bd9b0@ietf.contact> <CABcZeBO15H=+ds0deqvtOzKvX+JvFzCn2pht3fcKYcp7df=UFw@mail.gmail.com> <52b08a1b-45e2-b03b-a0a8-12e55b56bfa8@ietf.contact> <CABcZeBOwZ3=pz=Xz1D3YwJ6_svTidt5azWDFnTwexsE508rmkA@mail.gmail.com>
From: Henk Birkholz <henk.birkholz@ietf.contact>
In-Reply-To: <CABcZeBOwZ3=pz=Xz1D3YwJ6_svTidt5azWDFnTwexsE508rmkA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Authentication-Results: smtp04-ext3.udag.de; auth=pass smtp.auth=henk.birkholz@ietf.contact smtp.mailfrom=henk.birkholz@ietf.contact
Message-ID-Hash: JWNHFKKEHMFJBYAEVJUR2UY4ST3JPU7K
X-Message-ID-Hash: JWNHFKKEHMFJBYAEVJUR2UY4ST3JPU7K
X-MailFrom: henk.birkholz@ietf.contact
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Richard Barnes <rlb@ipv.sx>, Meiling Chen <chenmeiling@chinamobile.com>, "Liuchunchi(Peter)" <liuchunchi@huawei.com>, "nasr@ietf.org" <nasr@ietf.org>, IETF SAAG <saag@ietf.org>, Luigi Iannone <ggx@gigix.net>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [nasr] Re: [saag] Re: NASR BOF Follow-Up
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/_L35LrvsYEc0JX0-B_FQEH-rMqo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nasr>
List-Help: <mailto:nasr-request@ietf.org?subject=help>
List-Owner: <mailto:nasr-owner@ietf.org>
List-Post: <mailto:nasr@ietf.org>
List-Subscribe: <mailto:nasr-join@ietf.org>
List-Unsubscribe: <mailto:nasr-leave@ietf.org>

On 11.04.25 19:23, Eric Rescorla wrote:
> 
> 
> On Fri, Apr 11, 2025 at 10:19 AM Henk Birkholz 
> <henk.birkholz@ietf.contact> wrote:
> 
>     On 11.04.25 18:51, Eric Rescorla wrote:
>      >      >
>      >      >     Would some salt help here (like the salted hashes in
>     sd-cwt)?
>      >      >
>      >      >
>      >      > Probably not very much. What salt does is make it more
>     difficult to
>      >      > amortize computation
>      >      > across multiple hashed values. However, if the total number of
>      >     possible
>      >      > values
>      >      > is low (e.g., you have some configuration setting with 3
>     values)
>      >     then
>      >      > you can
>      >      > just exhaustively search at query time.
>      >
>      >     That makes a lot of sense - and might be another good reason
>     not to put
>      >     these types of Claims into Evidence. I still think it is
>     better to
>      >     include software components that provide the conveyance mechanism
>      >     (e.g.,
>      >     a YANG server with YANG Push capability) in a TCB and then use
>      >     successfully appraised software components for trusted
>     telemetry to
>      >     convey such values for evaluation.
>      >
>      >
>      > That may be better from some angles but I think brings us back to
>      > Richard's question about whether operators are in fact willing to
>      > allow counterparties to access their devices to get this
>     configuration data.
>      >
>      > It also doesn't affect--one way or the other--the need to understand
>      > which configuration directives are relevant and what acceptable
>      > values are.
>      >
>      > -Ekr
> 
>     If it is really a requirement that policy must be evaluated on the
>     level
>     you describe, my assumption is that a trusted third party that is a
>     kind
>     of "policy evaluator", not a counterparty, and also taking on the role
>     of an Attester (that can be "RATS approved") could handle such
>     operations. But this is now bordering on speculation on my part as
>     there
>     are many ways to compose such a system and I am not aware of all the
>     requirements.
> 
> 
> Well, this doesn't matter for the point I'm making. *someone* needs
> to do the evaluation and I'm questioning whether it's actually
> practical.
> 
>     My point being here is that RATS is not some kind of smokescreen or
>     some
>     kind of solve-it-all. It is just a building block to increase trust in
>     the trustworthiness of a remote peer.
> 
> 
> You may be addressing Richard here? As I said above I'm interested
> in the question of whether it's in principal practical to determine
> whether a given device's configuration is acceptable even under the
> assumption that you have trustworthy access to that configuration.
> 
> -Ekr
> 


Hi Ekr,

sorry for dragging you through this convo, but I think I now have a 
better understanding of your problem statement than before. Thanks!

As far as I am understanding it for now, the question is: "is it 
possible to determine that the configuration/policy of a device is 
acceptable in a fashion that does not expose that configuration/policy 
to a counterparty?" That question would be independent from "RATS 
Evidence" which was popping up in the thread before.

And yes, I think the smokescreen comment originated Richard.


Viele Grüße,

Henk