[nasr] Re: Secure Routing Path Consideration- China Mobile-ietf120

Meiling Chen <chenmeiling@chinamobile.com> Tue, 15 October 2024 06:43 UTC

Date: Tue, 15 Oct 2024 14:43:20 +0800
From: Meiling Chen <chenmeiling@chinamobile.com>
To: Luigi Iannone <ggx@gigix.net>
CC: Henk Birkholz <henk.birkholz@ietf.contact>, Luigi IANNONE <luigi.iannone@huawei.com>, Jean-Michel Combes <jeanmichel.combes@gmail.com>, Toerless Eckert <tte@cs.fau.de>, Michael Richardson <mcr+ietf@sandelman.ca>, 刘鹏辉 <liupenghui1982@163.com>, "nasr@ietf.org" <nasr@ietf.org>, "Liuchunchi (Peter)" <liuchunchi=40huawei.com@dmarc.ietf.org>
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/mQTpp5UxOSLAO94fIRPuXvTTMUo>

Hi Luigi,

End-to-end encryption for privacy/security is out of scope. --- YES
What we need to protect is that no-one can mangle with auditing result. --- YES
We have to provide the tools that allow to audit the path and to have a proof of transit, but NASR will not design payload encryption solutions. --- Not sure: if we don't know the encryption solutions, how do we make audit tools?

Best,
Meiling
 
From: Luigi Iannone
Date: 2024-10-14 20:27
To: Liuchunchi(Peter)
CC: Meiling Chen; Henk Birkholz; Luigi IANNONE; Jean-Michel Combes; Toerless Eckert; Michael Richardson; 刘鹏辉; nasr
Subject: Re: [nasr] Secure Routing Path Consideration- China Mobile-ietf120

Hi All,

it seems that we converge to “L2 out of scope”.

Let’s take it a bit further…..    ;-) 

end-to-end encryption for privacy/security is out of scope.

What we need to protect is that no-one can mangle with auditing result.
We have to provide the tools that allow to audit the path and to have a proof of transit, but NASR will not design payload encryption solutions.

Can we agree on this?

Ciao

L.

On 14 Oct 2024, at 08:10, Liuchunchi(Peter) <liuchunchi=40huawei.com@dmarc.ietf.org> wrote:

+1
 
From: Meiling Chen <chenmeiling@chinamobile.com> 
Sent: Monday, October 14, 2024 11:27 AM
To: Henk Birkholz <henk.birkholz@ietf.contact>; Liuchunchi(Peter) <liuchunchi@huawei.com>; Luigi IANNONE <luigi.iannone@huawei.com>; Jean-Michel Combes <jeanmichel.combes@gmail.com>
Cc: Toerless Eckert <tte@cs.fau.de>; Michael Richardson <mcr+ietf@sandelman.ca>; 刘鹏辉 <liupenghui1982@163.com>; nasr@ietf.org
Subject: Re: [nasr] Re: Reply: Re: Secure Routing Path Consideration- China Mobile-ietf120
 
Hi Henk,
 
Agree with you.
We assumed that L2 was not in the scope, but if there is confusion, it is necessary to explicitly state it in the Charter.
 
Best,
Meiling
 
From: Henk Birkholz
Sent: 2024-10-11 20:44
To: Liuchunchi(Peter); Luigi IANNONE; Jean-Michel Combes
Cc: Toerless Eckert; Michael Richardson; 刘鹏辉; Meiling Chen; nasr@ietf.org
Subject: [nasr] Re: Reply: Re: Secure Routing Path Consideration- China Mobile-ietf120

Amplifying on that statement, layer2 taps/outlets seem to be
out-of-scope. Is that a kind of clarifying baseline agreement?
 
On 10.10.24 09:04, Liuchunchi(Peter) wrote:
> proof-of-non-transit, very hard to achieve
 