Re: [Rats] draft-birkholz-rats-network-device-subscription-00

"Eric Voit (evoit)" <evoit@cisco.com> Tue, 28 July 2020 16:20 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: Dave Thaler <dthaler=40microsoft.com@dmarc.ietf.org>, "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
CC: Wei Pan <william.panwei@huawei.com>, "Birkholz, Henk" <henk.birkholz@sit.fraunhofer.de>
Date: Tue, 28 Jul 2020 16:20:34 +0000
Message-ID: <BL0PR11MB3122F7A9111660B4D3C8B85CA1730@BL0PR11MB3122.namprd11.prod.outlook.com>
References: <BL0PR11MB31221B4EE75AADDB4685CBDEA1950@BL0PR11MB3122.namprd11.prod.outlook.com> <BL0PR2101MB1027CB2B71CA83305B9608BAA3730@BL0PR2101MB1027.namprd21.prod.outlook.com>
In-Reply-To: <BL0PR2101MB1027CB2B71CA83305B9608BAA3730@BL0PR2101MB1027.namprd21.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/F78G8Ju7MJ-GEvqg8g33yulNntQ>
Subject: Re: [Rats] draft-birkholz-rats-network-device-subscription-00
List-Id: Remote ATtestation procedureS <rats.ietf.org>

> Dave Thaler, July 28, 2020 10:10 AM
> 
> I asked in the meeting how a subscriber knows who to subscribe to, and I
> believe the answer was that CHARRA answers that.  

The answer I gave was that the problem was the same as for CHARRA.  I believe I
also said the problem itself is generic to any YANG-based network element (I
don't remember if that came out).  Generalizing more from there, Network
Operators have a diverse set of embedded management systems which include
discovery, addressability, inventory, etc. of the network devices they
manage.

Moving back to YANG, these network management systems don't include all YANG
info about a device.  So once you have found that a device exists, the
device capabilities it supports can be acquired via a variety of mechanisms
like:
 - NETCONF RFC 6241, Section 7 (and RFC 6470)
 - YANG Library RFC 8525

> Well I looked in draft-
> ietf-rats-yang-tpm-charra-02 and it does not contain any mention of the
> subject.  I think one or the other of the two drafts needs to address this
> issue.  

This topic has not been within the scope of the many other YANG drafts/RFCs
which exist.   This is reasonable, as there is a huge breadth of topology
discovery protocols available and in use for routers and switches.

Eric
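As an added illustration of the capability-discovery step Eric describes (this is example code, not part of the thread or of either draft): once a management system has found a device, the Verifier can read the NETCONF `<hello>` capability list to learn whether the device supports notifications and advertises the YANG module it wants to subscribe to. The sample `<hello>` is constructed, and the module name `ietf-tpm-remote-attestation` and its revision are assumptions, not values taken from this page.

```python
"""Verifier-side pre-subscription check over a NETCONF <hello> (RFC 6241, 8.1).
Added example; the sample message, module name and revision are constructed."""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
# Capability a server advertises when it supports event notifications (RFC 5277).
NOTIF_CAP = "urn:ietf:params:netconf:capability:notification:1.0"

# Constructed sample: what a TPM-based device might send as its <hello>.
# The attestation module name/revision below are assumptions for the example.
SAMPLE_HELLO = f"""<hello xmlns="{NC_NS}">
  <capabilities>
    <capability>urn:ietf:params:netconf:base:1.1</capability>
    <capability>{NOTIF_CAP}</capability>
    <capability>urn:ietf:params:xml:ns:yang:ietf-yang-library?module=ietf-yang-library&amp;revision=2019-01-04</capability>
    <capability>urn:ietf:params:xml:ns:yang:ietf-tpm-remote-attestation?module=ietf-tpm-remote-attestation&amp;revision=2020-07-01</capability>
  </capabilities>
  <session-id>4</session-id>
</hello>"""


def parse_hello(xml_text):
    """Split a <hello> into plain capability URIs and advertised YANG modules.

    Returns (set_of_plain_uris, {module_name: revision_or_None}). A capability
    URI carrying a ?module= query string is a YANG module advertisement; any
    other URI is a protocol capability.
    """
    root = ET.fromstring(xml_text)
    plain, modules = set(), {}
    for cap in root.iter(f"{{{NC_NS}}}capability"):
        uri = (cap.text or "").strip()
        base, _, query = uri.partition("?")
        params = parse_qs(query)
        if "module" in params:
            modules[params["module"][0]] = params.get("revision", [None])[0]
        else:
            plain.add(base)
    return plain, modules


def can_subscribe(xml_text, module):
    """True only if the device supports notifications AND advertises `module`.

    Both are needed: the Evidence stream is delivered as notifications, and
    without the module there is nothing attestation-related to subscribe to.
    """
    plain, modules = parse_hello(xml_text)
    return NOTIF_CAP in plain and module in modules
```

A full discovery would also fetch the YANG library (RFC 8525) over the session, since the `<hello>` list may be abbreviated; the check above is the first gate.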

> My preference is that it be in draft-birkholz-rats-network-device-
> subscription since that's the draft that talks about limitations like
> > Evidence is not streamed to an interested Verifier as soon as it is
> > generated.
> Which certainly still applies, it's just another case... you didn't know
> to subscribe to it until after the evidence was generated when it booted.
> 
> Dave
> 
> -----Original Message-----
> From: RATS <rats-bounces@ietf.org> On Behalf Of Eric Voit (evoit)
> Sent: Wednesday, June 24, 2020 9:41 AM
> To: rats@ietf.org
> Cc: Wei Pan <william.panwei@huawei.com>; Birkholz, Henk
> <henk.birkholz@sit.fraunhofer.de>
> Subject: [Rats] draft-birkholz-rats-network-device-subscription-00
> 
> Hi All,
> 
> This draft defines how to subscribe to a stream of attestation related
> Evidence on TPM-based network devices.  When subscribed, a Telemetry
> stream of verifiably fresh YANG notifications (which are generated when
> TPM PCRs are extended) is pushed to the subscriber.
> 
> This draft integrates:
>  *  Section 5 of draft-voit-rats-trusted-path-routing-01
>  *  Elements of draft-xia-rats-pubsub-model
> 
> Thanks!
> 
> Eric, Henk, and Wei
> 
> 
> -----Original Message-----
> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
> Sent: Wednesday, June 24, 2020 12:19 PM
> To: Eric Voit (evoit) <evoit@cisco.com>; Wei Pan
> <william.panwei@huawei.com>; Henk Birkholz
> <henk.birkholz@sit.fraunhofer.de>
> Subject: New Version Notification for
> draft-birkholz-rats-network-device-subscription-00.txt
> 
> 
> A new version of I-D, draft-birkholz-rats-network-device-subscription-00.txt
> has been successfully submitted by Eric Voit and posted to the IETF
> repository.
> 
> Name:		draft-birkholz-rats-network-device-subscription
> Revision:	00
> Title:		Attestation Event Stream Subscription
> Document date:	2020-06-24
> Group:		Individual Submission
> Pages:		20
> URL:            https://www.ietf.org/internet-drafts/draft-birkholz-rats-network-device-subscription-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-birkholz-rats-network-device-subscription/
> Htmlized:       https://tools.ietf.org/html/draft-birkholz-rats-network-device-subscription-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-birkholz-rats-network-device-subscription
> 
> 
> Abstract:
>    This document defines how to subscribe to a stream of attestation
>    related Evidence on TPM-based network devices.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of
> submission until the htmlized version and diff are available at
> tools.ietf.org.
> 
> The IETF Secretariat
> 
> 