[Rats] Re: I-D Action: draft-xia-rats-pubsub-model-01.txt
"Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com> Fri, 25 October 2019 10:49 UTC
Hi Eric,

-----Original Message-----
From: RATS [mailto:rats-bounces@ietf.org] On Behalf Of Eric Voit (evoit)
Sent: October 24, 2019 20:46
To: Xialiang (Frank, Network Standard & Patent Dept) <frank.xialiang@huawei.com>
Cc: rats@ietf.org
Subject: Re: [Rats] I-D Action: draft-xia-rats-pubsub-model-01.txt

Hi Frank,

> From: Xialiang (Frank, Network Standard & Patent Dept), Wednesday, October 23, 2019 11:32 PM
> To: Eric Voit (evoit) <evoit@cisco.com>
>
> Hi Eric,
> Thank you for the good comments!
>
> Please see inline:
>
> -----Original Message-----
> From: RATS [mailto:rats-bounces@ietf.org] On Behalf Of Eric Voit (evoit)
> Sent: October 24, 2019 5:38
> To: Xialiang (Frank, Network Standard & Patent Dept) <frank.xialiang@huawei.com>; rats@ietf.org
> Subject: Re: [Rats] I-D Action: draft-xia-rats-pubsub-model-01.txt
>
> Hi Frank,
>
> A few quick thoughts.
>
> (1) The best way to deliver a nonce is to augment the <establish-subscription> RPC from RFC8639. This requires just one object update. To make this work effectively, we would need to expand the draft-birkholz-rats-basic-yang-module to also include data nodes for PCR state, rather than just the current RPCs. BTW: If we base the data nodes on existing groupings, this actually is not a big change.
>
> [Frank]: I don't understand your point exactly. Since the nonce for freshness checking and protecting against replay attacks is randomly generated and varied in each notification message, I think current dynamic subscriptions or configured subscriptions both need some extension for achieving this goal. And what is the point of your next statement of including data nodes for PCR state rather than just the current RPCs? Do you mean by this way the PCR state can be acquired by the netconf push solution?

Yes. One way to do this would be sending a TUDA Sync token in the RPC response, or the subscription-started notification.

Eric

[Frank]: agree. Or maybe more.

> (2) Figure 2 & 3 mix the context of both stream subscriptions (RFC8639) and datastore subscriptions (RFC8641). What you want is an RFC8641 subscription to draft-birkholz-rats-basic-yang-module, and an independent RFC8639 subscription to event streams like pcr-trust-evidence. The results of these subscriptions can be independently correlated at the verifier.
>
> [Frank]: You are right. Figure 2 is an example of using configured subscriptions to acquire the on-change state of PCRs, since they are very important events for the RATS protocol. Figure 3 is an example of using netconf push (datastore subscriptions) to periodically get bios-log-trust-evidence for normal checking tasks. Figure 4 is an example of using the pre-defined events as the update trigger according to the relatively new ECA netconf method.

But I generally agree with your idea of their relation.

>
> (3) Interestingly, the need to subscribe on-change to the values of individual PCRs (rather than a hash across multiple PCRs) is a perfect example of why a router will need to do pre-processing and summarization of signed information coming off a TPM. This is in contrast to people who believe that a cryptoprocessor's raw feed is sufficient for all off-router applications. A raw feed from a TPM is simply not sufficient.
>
> Eric
>
> > From: Xialiang (Frank, Network Standard & Patent Dept), October 21, 2019 9:13 AM
> >
> > Hi,
> > We submit a new draft describing a method of using the netconf pub/sub model in the RATS interaction procedure, to increase its flexibility, efficiency and scalability.
> >
> > Warmly welcome your comments!
> >
> > B.R.
> > Frank
> >
> >
> > -----Original Message-----
> > From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
> > Sent: October 21, 2019 21:09
> > To: i-d-announce@ietf.org
> > Subject: I-D Action: draft-xia-rats-pubsub-model-01.txt
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> >
> >
> >         Title           : Using Netconf Pub/Sub Model for RATS Interaction Procedure
> >         Authors         : Liang Xia (Frank)
> >                           Wei Pan
> >         Filename        : draft-xia-rats-pubsub-model-01.txt
> >         Pages           : 14
> >         Date            : 2019-10-21
> >
> > Abstract:
> >    This draft defines a new method of using the netconf pub/sub model in the RATS interaction procedure, to increase its flexibility, efficiency and scalability.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-xia-rats-pubsub-model/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-xia-rats-pubsub-model-01
> > https://datatracker.ietf.org/doc/html/draft-xia-rats-pubsub-model-01
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-xia-rats-pubsub-model-01
> >
> >
> > Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > _______________________________________________
> > I-D-Announce mailing list
> > I-D-Announce@ietf.org
> > https://www.ietf.org/mailman/listinfo/i-d-announce
> > Internet-Draft directories: http://www.ietf.org/shadow.html or
> > ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> > _______________________________________________
> > RATS mailing list
> > RATS@ietf.org
> > https://www.ietf.org/mailman/listinfo/rats
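Added example (not from this thread, the draft, or the RATS YANG module): a Python model of the exchange sketched in point (1) above, where the verifier delivers a nonce in the establish-subscription RPC and the attester echoes it in every signed on-change PCR notification. The `nonce` leaf, the per-subscription `seq` counter and the shared-key HMAC standing in for a TPM quote are all assumptions of this model.

```python
import hashlib, hmac, json, secrets
# Constructed stand-in: a shared HMAC key plays the role of the TPM's
# attestation key; a real attester would return a TPM quote instead.
ATTESTER_KEY = b"constructed-demo-key"

def sign(body: dict) -> str:
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ATTESTER_KEY, data, hashlib.sha256).hexdigest()

class Attester:
    # Router side: keeps the nonce delivered with each subscription and
    # emits signed on-change PCR notifications that echo it.
    def __init__(self, pcrs: dict):
        self.pcrs, self.subs, self.seq = dict(pcrs), {}, {}

    def establish_subscription(self, sub_id: int, nonce: str) -> dict:
        # 'nonce' is a hypothetical augmentation of the RFC 8639 RPC.
        self.subs[sub_id], self.seq[sub_id] = nonce, 0
        return {"id": sub_id, "nonce": nonce}

    def pcr_change(self, sub_id: int, index: int, value: str) -> dict:
        self.pcrs[index] = value
        self.seq[sub_id] += 1           # hypothetical per-subscription counter
        body = {"id": sub_id, "nonce": self.subs[sub_id],
                "seq": self.seq[sub_id], "pcr": {str(index): value}}
        return {"body": body, "sig": sign(body)}

class Verifier:
    # Correlates each notification with the nonce it issued for that
    # subscription and rejects anything tampered, stale or replayed.
    def __init__(self):
        self.nonces, self.last_seq = {}, {}

    def subscribe(self, attester: Attester, sub_id: int) -> str:
        nonce = secrets.token_hex(16)   # fresh nonce per subscription
        attester.establish_subscription(sub_id, nonce)
        self.nonces[sub_id], self.last_seq[sub_id] = nonce, 0
        return nonce

    def accept(self, notif: dict) -> bool:
        body, sub_id = notif["body"], notif["body"]["id"]
        if not hmac.compare_digest(sign(body), notif["sig"]):
            return False                # signature does not verify
        if self.nonces.get(sub_id) != body["nonce"]:
            return False                # nonce belongs to an old subscription
        if body["seq"] <= self.last_seq.get(sub_id, 0):
            return False                # replayed or reordered notification
        self.last_seq[sub_id] = body["seq"]
        return True
```

Re-subscribing issues a new nonce, so notifications captured under the previous subscription fail the nonce check even though their signatures still verify.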