[nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up

Eric Rescorla <ekr@rtfm.com> Fri, 11 April 2025 13:40 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: nasr@mail2.ietf.org
Delivered-To: nasr@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 11E251AAEAE6 for <nasr@mail2.ietf.org>; Fri, 11 Apr 2025 06:40:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IAfoZwfTp8ga for <nasr@mail2.ietf.org>; Fri, 11 Apr 2025 06:40:19 -0700 (PDT)
Received: from mail-yw1-x1133.google.com (mail-yw1-x1133.google.com [IPv6:2607:f8b0:4864:20::1133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 33C891AAEAD8 for <nasr@ietf.org>; Fri, 11 Apr 2025 06:40:19 -0700 (PDT)
Received: by mail-yw1-x1133.google.com with SMTP id 00721157ae682-6f768e9be1aso34416967b3.0 for <nasr@ietf.org>; Fri, 11 Apr 2025 06:40:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1744378819; x=1744983619; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+5yyHjEqbJeLE/n66dkn9HMw6TBkfW3QhT/ekwDDATs=; b=L1fB6k0xHRD3w251setfMSvNRYc+VCgUKGvUCqIXbe0AkJflJV5DhyKWP/a5D4eyrC NRl3iYCTtYA87ny6dkp8+f/QehxRG91aB3JLMvWe/ICY796uQ4Zz4tCAKs/jFtEsIkSZ s4WmuvTeGVRLv6XzRKV7bCpIEPqfGpH+EUdtQjwmAfms0mJ4L8TCYIaOiP/MSuNfRt6M NK6bm0o1Z9R9oj3YKZUZ/rUuf9guqhv5g2EJJECJPZWNLEvQm9G7Jw32KUEhoPmkO6zB eokqWxOVlxmCF4SU6Rex+5Zg/5tYm0hcgN2WHvt19Fte43E7Q4FiiP/K33DnMHlb3Jgk QRNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744378819; x=1744983619; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+5yyHjEqbJeLE/n66dkn9HMw6TBkfW3QhT/ekwDDATs=; b=CDGQY5dc0fIx1fQMyjYLQpRkiRoa/OAqh6b8g6jKEAyx/DXYnJ1abh8L2Erq/BOVjQ IMQsO28ZxvT5/tupdXjVvfExCGpt+8um3BZDub2DxShVUXF3PpvuG6UhrS/z07YCv4Ny ZJ97u5UKVg0G3KNeSSb7gl71ZbIsDxFPjbbdRf3rWKLmOB29iHhk4MOZx+dh2xtEiGv6 G97QmL6DxDZJY3ArRqF0DBJANn3lJ340ddqekCn7N/wbTSsASKjRAIdPBJulz0KN3XJ5 WXpumpc1Dch7GBvetddeS5WK42SsTDsVHok9Y5g9YM4USifsTW5OxqWbaYOZGhxThWVo oUlQ==
X-Forwarded-Encrypted: i=1; AJvYcCXxEZDHUeYgok2ENbj2HKmgVZlrgSEcnC8q4HOPJHnfAwh0CDZtVhZlpAZvdBqUg1wBWpf7@ietf.org
X-Gm-Message-State: AOJu0Yzu8GwRt7OuL7Tyv1hflZASipFaK4MayGYz5d7lVzcSsFNlppos xTWkNPXbbJT1EKb9JmzIr8AyI3WDj1MlkXpHXaUvmISDpeBspGhFsOAwHDe+es8/JCsCVPu9rJu 8PmjbRrwOnwW/SNjCozlwiVZioLpjZ0EJt8e7gA==
X-Gm-Gg: ASbGncvn0MYUDHX0+s4LWdlz7ixuFLJWrpStHr9OAjlOHOPz/IzmeIzwV5t2xXXSZS0 gmQsE9lzJqPa/JMsEgAbCRDYPEsRbTWDTt8dkrFA0IBx2sLENxgEMZAWfr2BSJZJMCi+f+fn2FD n9skunyxjTZCWLVMrSv/yCe4gG
X-Google-Smtp-Source: AGHT+IFe82i4MvYixblY8dHQpyDiakOrpjhQI6GwFdA61IehT3TtCEvU+bvLU6MocxfkHei5Z07O5qW8PTSLmO1KaBk=
X-Received: by 2002:a05:690c:fc6:b0:703:b296:7897 with SMTP id 00721157ae682-70549e81e80mr117943707b3.6.1744378818631; Fri, 11 Apr 2025 06:40:18 -0700 (PDT)
MIME-Version: 1.0
References: <ef08bf0afa924713acc629dff8156761@huawei.com> <2025040312042771743841@chinamobile.com> <CAL02cgSg53nOB8BCSNCLGC78r41P_1VzBPoj2yOJP1qbS0jqfA@mail.gmail.com> <CABcZeBPFaJMsWyNozXS+osh251631vCStkrmOk=WQig5c1_0qw@mail.gmail.com> <19058.1743968487@obiwan.sandelman.ca> <CABcZeBPGt-OLy9KGpTM22neE7F9ysD=Wm0zK6yHZoQ3gFHXqGw@mail.gmail.com> <fd1b5da9-8d5c-c0f6-c801-578c45529f45@ietf.contact> <CABcZeBPEBrQYBH8oH3-JhQbcxi0djcsGVhSJXO3f-jEvdPik_w@mail.gmail.com> <Z_heIJ4DDae5uX_-@faui48e.informatik.uni-erlangen.de> <85ec24dea0b94ceea81f2dcd0701c2f9@huawei.com>
In-Reply-To: <85ec24dea0b94ceea81f2dcd0701c2f9@huawei.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 11 Apr 2025 06:39:41 -0700
X-Gm-Features: ATxdqUGuNC20a3vtLngXG1O1qhSD4JyTICAbP7g6OFQ5HlDCPJuBPE4ELE71FMs
Message-ID: <CABcZeBPA_mC=MsNXHNMT1+bwcnq_jOrYDVv=Au0SVHru4c2X7A@mail.gmail.com>
To: "Liuchunchi(Peter)" <liuchunchi@huawei.com>
Content-Type: multipart/alternative; boundary="000000000000d6bc0b063280d76f"
Message-ID-Hash: Z3EP24CI45M5H4ZSFBPGNBF7EMOP236V
X-Message-ID-Hash: Z3EP24CI45M5H4ZSFBPGNBF7EMOP236V
X-MailFrom: ekr@rtfm.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Toerless Eckert <tte@cs.fau.de>, Henk Birkholz <henk.birkholz@ietf.contact>, Michael Richardson <mcr+ietf@sandelman.ca>, "nasr@ietf.org" <nasr@ietf.org>, IETF SAAG <saag@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up
List-Id: Network Attestation for Secure Routing <nasr.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nasr/w3UM5-BSZECN1UB3cu2l2BpeMKw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nasr>
List-Help: <mailto:nasr-request@ietf.org?subject=help>
List-Owner: <mailto:nasr-owner@ietf.org>
List-Post: <mailto:nasr@ietf.org>
List-Subscribe: <mailto:nasr-join@ietf.org>
List-Unsubscribe: <mailto:nasr-leave@ietf.org>

On Fri, Apr 11, 2025 at 2:34 AM Liuchunchi(Peter) <liuchunchi@huawei.com>
wrote:

> > In the same way, you would start collecting enough attestation to trust
> the
> > commands through which you retrieve operational state (including prior
> > valiation of all credentials to talk to the routers). Such as (YANG
> equiv) "show
> > int * macsec state"
> > or the like (to circle back to my most favourite feature ;-). Which
> would show
> > enough details to know the credentials of the peer and that the
> interfaces
> > traffic is MacSEC secured with approved session and data encryption
> > protocols.
>
>
> Yes, and such configuration state and operational state should both be
> collected as baselines in the step 1 of NASR architecture.
>
> For device A in the path A-B-C, its "baseline hash" to obtain from the
> step 1 is a keyed hash for example AHash= hash(expected config state,
> expected operational state, expected Ingress Interface, expected Egress
> Interface...)
>
> For device B, it does it recursively like BHash  = hash(received-AHash,
> expected config state, expected operational state, expected Ingress
> Interface, expected Egress Interface...)
>

Which brings us back to the question of whether there are in fact a small
number of enumerable
good states.

-Ekr


>
> And when actual step 2 forwarding takes place, repeat the
> take-and-hash-and-replace process, only to change " expected config state "
> to " actually measured config state ". And a canonical verification can be
> done.
>
> Hope I am not oversimplifying to confuse people...
>
> Peter
>
> > -----Original Message-----
> > From: Toerless Eckert <tte@cs.fau.de>
> > Sent: Friday, April 11, 2025 8:11 AM
> > To: Eric Rescorla <ekr@rtfm.com>
> > Cc: Henk Birkholz <henk.birkholz@ietf.contact>; Michael Richardson
> > <mcr+ietf@sandelman.ca>; nasr@ietf.org; IETF SAAG <saag@ietf.org>
> > Subject: [nasr] Re: [saag] Re: Re: Re: NASR BOF Follow-Up
> >
> > Eric,
> >
> > >From my understanding, this analysis does not need to be constrained to
> > configuration state. In fact, i would never want to trust configuration
> state
> > alone, but only configuration and operational state.
> >
> > This is the same for existing rats for e.g.: secure bootstrap. The
> attestation
> > provided by a device is not that it has some "operating system file with
> some
> > cert/signature", but that that is actually the running OS.
> >
> > In the same way, you would start collecting enough attestation to trust
> the
> > commands through which you retrieve operational state (including prior
> > valiation of all credentials to talk to the routers). Such as (YANG
> equiv) "show
> > int * macsec state"
> > or the like (to circle back to my most favourite feature ;-). Which
> would show
> > enough details to know the credentials of the peer and that the
> interfaces
> > traffic is MacSEC secured with approved session and data encryption
> > protocols.
> >
> > It is then the controller who provides the attestation for the fact that
> the
> > network (or subdomain or whatever) is running MacSec beteween all
> > members.
> >
> > And if we could get scripts into routers to do this analysis of
> operational state
> > locally on a router, that would be even better, because then it could
> probably
> > be extending what the router can attest to itself - and the NASR
> controller
> > needs to primarily provide only attestation as to the seamless
> connectivity of
> > the per-hop encrypted topoloy or path of interest.
> >
> > Cheers
> >     toerless
> >
> > On Thu, Apr 10, 2025 at 12:28:39PM -0700, Eric Rescorla wrote:
> > > On Thu, Apr 10, 2025 at 11:02 AM Henk Birkholz
> > > <henk.birkholz@ietf.contact>
> > > wrote:
> > >
> > > > Hi ekr,
> > > >
> > > > auditing the "correctness" of configuration or configurable state is
> > > > an additional step that comes with its own security considerations,
> I think.
> > > >
> > > > The fact that a network device is trustworthy (it is doing what it
> > > > is intended to do (by the Verifier Owner) and nothing else) does not
> > > > directly translate to an operational state that is doing what every
> > > > Relying Party expects it to do, I think.
> > > >
> > > > In remote attestation, the Verifier can be considered a trusted
> > > > third party that takes on the burden of Evidence appraisal. As there
> > > > are can be a quite colorful bouquet of Attester and Evidence types,
> > > > that (sometimes quite significant burden/complexity) burden of
> > > > Evidence appraisal is off-loaded to Verifiers so that the audience
> > > > of Relying Parties can consume digestible Attestation Results
> tailored to
> > their needs.
> > > >
> > > > If there is additional "relevant stuff" w.r.t. a network device
> > > > which needs to be evaluated, that might be a task that remote
> > > > attestation is only in support of - but that does not seem to be an
> > > > explicit part of establishing trust in the trustworthiness in a
> > > > remote peer/router. Or am I missing something very obvious here?
> > > >
> > >
> > > I don't know if you're missing something, but I don't really see how
> > > this addresses my point, which is about the complexity of evaluating
> > > the relevant Evidence, not about who does it. Specifically, my concern
> > > is that it will not be practical to determine whether a given router
> > > configuration enforces the high level semantics desired by the Relying
> > > Party, e.g., that the data is going directly from this system to
> > > system B without any ability for anyone else to see it. In order to
> > > ensure this, someone has to know that all configuration values that
> > > might implicate this guarantee are in known good states. That could
> > > happen by, for instance:
> > >
> > > - The Verifier seeing Claims for all the relevant configuration values
> > > - The vendor determining which configuration values are relevant and
> > > causing the device to emit a higher level Claim
> > >
> > > But in either case, someone needs to take on the analysis of all the
> > > configuration values. Has this been done for the types of devices in
> > > question?
> > >
> > > -Ekr
> > >
> > >
> > > >
> > > >
> > > > Viele Grüße,
> > > >
> > > > Henk
> > > >
> > > > On 06.04.25 22:52, Eric Rescorla wrote:
> > > > >
> > > > >
> > > > > On Sun, Apr 6, 2025 at 12:41 PM Michael Richardson
> > > > > <mcr+ietf@sandelman.ca <mailto:mcr%2Bietf@sandelman.ca>> wrote:
> > > > >
> > > > >
> > > > >     Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com>> wrote:
> > > > >          > However, it's not clear to me that that's true in this
> case,
> > > > >     because
> > > > >          > unlike media players, network devices are highly
> configurable
> > > > >     and a
> > > > >          > large number of the configuration directives might
> impact the
> > > > >     relevant
> > > > >          > security claims. Thus, determining whether an element
> > > > > is
> > > > policy
> > > > >          > conformant is a matter of knowing not just what code it
> is
> > > > >     running
> > > > >          > but the state of every relevant configuration
> directive. One
> > > > >     could
> > > > >          > imagine this working at least three ways:
> > > > >
> > > > >     I think you are making routers sound way more complicated than
> > > > > they
> > > > are.
> > > > >
> > > > >
> > > > >     1. 90% of directives have little to no affect.
> > > > >         (I have one toe in the routing/operations space. I'm
> > > > > ASN26227)
> > > > >
> > > > >
> > > > > Perhaps, but they still need to be individually examined in order
> > > > > to to determine that. Has someone done that?
> > > > >
> > > > >
> > > > >     2. they are significantly less complicated than Windows, yet
> all
> > > > >     that media
> > > > >         based DRM stuff you mentioned is dependant upon windows
> boot
> > > > >     doing the
> > > > >         right thing.
> > > > >
> > > > >
> > > > > But essentially none of the relevant stuff that needs to be
> > > > > attested to is configurable (by design). You just attest to the CDM
> > contents.
> > > > >
> > > > >
> > > > >          > In the former case, it is quite likely that there will
> > > > > be a
> > > > large
> > > > >          > number of valid states, because each directive may have
> > > > multiple
> > > > >          > acceptable values, and so you end up with combinatoric
> > > > explosion
> > > > >          > issues if you just have a list of hashes [0]. In the
> latter
> > > > >     case we
> > > > >
> > > > >     yet, the *routing* people with the expertise here, and a few
> > > > >     operators seem
> > > > >     pretty sure they can do this.
> > > > >
> > > > >
> > > > > It's not uncommon to see people be overconfident about things
> > > > > prior to attempting them, especially in the area of security. Has
> > > > > someone actually gone through the exercise of examining every
> > > > > directive and determining which ones are relevant?
> > > > >
> > > > > -Ekr
> > > > >
> > > > >
> > > > >          > Either approach requires studying the impact of every
> existing
> > > > >          > configuration directive for each device type to know
> what the
> > > > >          > impact will be on the relevant policy claims. This seems
> > > > >     challenging
> > > > >          > at best.
> > > > >
> > > > >     --
> > > > >     Michael Richardson <mcr+IETF@sandelman.ca
> > > > >     <mailto:mcr%2BIETF@sandelman.ca>>   . o O ( IPv6 IøT
> consulting )
> > > > >                 Sandelman Software Works Inc, Ottawa and Worldwide
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >     _______________________________________________
> > > > >     saag mailing list -- saag@ietf.org <mailto:saag@ietf.org>
> > > > >     To unsubscribe send an email to saag-leave@ietf.org
> > > > >     <mailto:saag-leave@ietf.org>
> > > > >
> > > >
> >
> > > --
> > > nasr mailing list -- nasr@ietf.org
> > > To unsubscribe send an email to nasr-leave@ietf.org
> >
> >
> > --
> > ---
> > tte@cs.fau.de
> >
> > --
> > nasr mailing list -- nasr@ietf.org
> > To unsubscribe send an email to nasr-leave@ietf.org
>