[nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120

Toerless Eckert <tte@cs.fau.de> Tue, 01 October 2024 23:51 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: nasr@ietfa.amsl.com
Delivered-To: nasr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0174C151717 for <nasr@ietfa.amsl.com>; Tue, 1 Oct 2024 16:51:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.655
X-Spam-Level:
X-Spam-Status: No, score=-1.655 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BhPFeM5ex5y for <nasr@ietfa.amsl.com>; Tue, 1 Oct 2024 16:51:02 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A253DC14F619 for <nasr@ietf.org>; Tue, 1 Oct 2024 16:51:02 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTPS id 4XJF7k53HYz1R6cT; Wed, 2 Oct 2024 01:50:58 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id 4XJF7k49SzzkxS6; Wed, 2 Oct 2024 01:50:58 +0200 (CEST)
Date: Wed, 02 Oct 2024 01:50:58 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: "Liuchunchi(Peter)" <liuchunchi@huawei.com>
Message-ID: <ZvyK4n-BI9S-SF94@faui48e.informatik.uni-erlangen.de>
References: <514b701e.3dbe.190e2e04151.Coremail.liupenghui1982@163.com> <202408011054476926448@chinamobile.com> <fe9299737de2469da894ed6e55a53bf1@huawei.com> <5aaf2f9d.1c92.19110d4dea0.Coremail.liupenghui1982@163.com> <17219.1722798809@obiwan.sandelman.ca> <202408091800065008405@chinamobile.com> <744c46d5.25b2.19149927bcb.Coremail.liupenghui1982@163.com> <ca7257d77709444a914c402f419ad0b0@huawei.com> <630665a9.436d.1914a2e2fc7.Coremail.liupenghui1982@163.com> <c15aa26cea984239baf9d2d96b6ed5a7@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <c15aa26cea984239baf9d2d96b6ed5a7@huawei.com>
Message-ID-Hash: 3JQQKJXFLFT76AXROTCLZFUPDZ32PRSO
X-Message-ID-Hash: 3JQQKJXFLFT76AXROTCLZFUPDZ32PRSO
X-MailFrom: eckert@i4.informatik.uni-erlangen.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: 刘鹏辉 <liupenghui1982@163.com>, Meiling Chen <chenmeiling@chinamobile.com>, Michael Richardson <mcr@sandelman.ca>, "nasr@ietf.org" <nasr@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/iTf72KcBl-dTQkNO1HuP0JjX3qo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nasr>
List-Help: <mailto:nasr-request@ietf.org?subject=help>
List-Owner: <mailto:nasr-owner@ietf.org>
List-Post: <mailto:nasr@ietf.org>
List-Subscribe: <mailto:nasr-join@ietf.org>
List-Unsubscribe: <mailto:nasr-leave@ietf.org>

No strong opinions here, but i have in the past seen "use-case" as a broad term
covering all reasons why customers want something. Especially in the IETF.
Both "local compliance" and "business reasons" would be sub-bullet items IMHO.

Wrt. data leakage prevention: I remember even as much as 20 years ago or longer,
Providers using IP Multicast where requesting that TV traffic that was encrypted
would still not be permitted to go to subscribers who did not pay for it, but
that those customers would be prohibited by IP Multicast routing policies to
request that traffic. Which required us vendors to implement a wide variety
of policy filtering of IP Multicast routing (IGMP/MLD policy filtering for example).

The reason was simply that content providers had woken up to the attack vector
of encryption keys to not be very good long-term, or that in multicast, the
encrpyption key had to be shared to multiple subscribers, so some subscribers that
where permitted to receive the content could extract and share the encryption key
with subscribers that had not paid for the content. And network filtering to
prohibit such network dissemination would circumvent that attack vector. Of course,
legitimate receivers could can still can today decrypt their content with
appropriate software, but re-sending the whole decrypted content to more
receivers requires a lot more network resources than sharing decryption keys.

Not sure if any of this multicast example is of interested to be written down
in any part of NASR docs, let me know if it is. Else this was just meant as
an example of history in network based leakage prevention to prohibit
encryption key sharing or long-term key cracking as an attack vector.

The unicast equivalent of course is not to upload to-be-protected content to
publically accessible web-caches because that too would make dissemination of
that content plus key cracking easier.


Cheers
    Toerless

On Tue, Aug 13, 2024 at 06:57:05AM +0000, Liuchunchi(Peter) wrote:
> >> mybe we need some addtional cases for meeting this kind of law, legal compliance?
> 
> This is not a use case I think, legal compliance is a policy driver. Use cases are business-specific scenarios that specifies clients, topology, needs and offerings. Like remote training transmission connectivity service (that prevents leakage) we discussed at this IETF.
> 
> VPN has its vulnerabilities, we discussed at the BOF too – traffic analysis, deprecated crypto, …
> 
> Germany TTDSG states a similar legal requirement of data sovereignty (“no go abroad”).
> 
> 
> From: 刘鹏辉 <liupenghui1982@163.com>
> Sent: Tuesday, August 13, 2024 1:20 PM
> To: Liuchunchi(Peter) <liuchunchi@huawei.com>
> Cc: Meiling Chen <chenmeiling@chinamobile.com>; Michael Richardson <mcr@sandelman.ca>; nasr@ietf.org
> Subject: Re:RE: [nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
> 
> 
> I mean beside the usecase for business secret protection, which already can be met by VPN,  mybe we need some addtional cases for meeting this kind of law, legal compliance?
> 
> 
> 
> Anyway, if there would be sufficient protective measures, GPDR allows for the transmission of data across borders. but we have no positive usecase for the “ no go abroad”,the related technology cannot evolve for long time....
> 
> 
> 
> At 2024-08-13 11:07:12, "Liuchunchi(Peter)" <liuchunchi@huawei.com<mailto:liuchunchi@huawei.com>> wrote:
> > What is the exact significance of this demand of NASR, just meet this kind of law?......
> 
> It is for leakage prevention purposes, for both business secret protection and legal compliance considerations.
> 
> 
> > the law may not be written in such detail, personally I think it should be the Terrestrial boundary...
> 
> By the time of lawmaking I think no technology permitting such promise was available.
> By terrestrial boundary, I think meiling means it is not the ONLY factor when orchestrating a path—device integrity and free of tampering for example is another key factor should be considered when orchestration.
> 
> PCL
> 
> From: 刘鹏辉 <liupenghui1982@163.com<mailto:liupenghui1982@163.com>>
> Sent: Tuesday, August 13, 2024 10:30 AM
> To: Meiling Chen <chenmeiling@chinamobile.com<mailto:chenmeiling@chinamobile.com>>
> Cc: Michael Richardson <mcr@sandelman.ca<mailto:mcr@sandelman.ca>>; nasr@ietf.org<mailto:nasr@ietf.org>
> Subject: [nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
> 
> 
> Large cloud vendors have different server regions in different countries and operate across borders, the law may not be written in such detail, personally I think it should be the Terrestrial boundary...
> 
> 
> 
> What is the exact significance of this demand of NASR, just meet this kind of law?......
> 
> 
> 
> At 2024-08-09 18:00:06, "Meiling Chen" <chenmeiling@chinamobile.com<mailto:chenmeiling@chinamobile.com>> wrote:
> Indeed, after considering the example mentioned by Mic,
> Terrestrial boundary is not the only determining attribute, need more properties for real no go abroad, right?
> 
> Best,
> Meiling
> 
> From: Michael Richardson<mailto:mcr@sandelman.ca>
> Date: 2024-08-05 03:13
> To: =?UTF-8?B?5YiY6bmP6L6J?=<mailto:liupenghui1982@163.com>; nasr@ietf.org<mailto:nasr@ietf.org>
> Subject: [nasr] Re: 回复: Re: Secure Routing Path Consideration- China Mobile-ietf120
> 
> I don't see anything in your summary of GDPR that says that encrypted PII can
> not cross another territory.
> 
> At each end the GDPR clearly applies, but for example, I see nothing in your
> description that prevents data from Geneva to Bern (both in Switzerland) from
> travelling on fiber to the south of Lake Geneva/Leman.  That is, through
> France. (is that a better route for fiber? Probably not. But a redundant
> microwave link from mountain to mountain would make a lot of sense)
> (Or: Zagreb to Bucharest, both EU countries, via Belgrade)
> Does GDPR really apply here?
> 
> I'm sure such edicts exist, but if GDPR mandates this, it would be best to have
> a very specific clause referenced.
> 
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr@sandelman.ca<mailto:mcr@sandelman.ca>  http://www.sandelman.ca/        |   ruby on rails    [
> 
> 
> 
> 
> [https://count.mail.163.com/beacon/webmail.gif?type=webmail_mailtrace&guid=pre_cac6aa139d88fd4620ae8fc6facaae9b]
> [https://count.mail.163.com/beacon/webmail.gif?type=webmail_mailtrace&guid=pre_adbf418b320540ab18e030851aba19bf]

-- 
---
tte@cs.fau.de