[saag] Re: Reply: FW: Interests on Initiating the standardization work related to "Zero Trust"?
Xueting Li <lixt2@foxmail.com> Mon, 05 January 2026 03:07 UTC
Date: Mon, 05 Jan 2026 11:04:50 +0800
From: Xueting Li <lixt2@foxmail.com>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>, saag <saag@ietf.org>
CC: wangaijun <wangaijun@tsinghua.org.cn>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/eDRaPJmFHyaJnz23yY3V2fw2spA>

Hi Usama,

Thank you for your valuable comments and references—they help clarify the positioning of our document and we greatly appreciate your engagement. Below is our response to your points:

1. Core Differences from the Two SEAT Drafts

Your referenced drafts [1][2] focus on communication-layer device state verification (via TLS post-handshake attestation) to supplement TLS with device/software integrity checks. Our document targets network-layer trust mechanism reconstruction:

- Scope: Addresses systemic risks of the perimeter-centric model (lateral movement, control/management plane vulnerabilities) by extending zero trust to the entire network, not just endpoint communication.
- Verification Object: Validates all network entities and interactions (internal communications, control messages, management operations), not just individual device runtime states.
- Goal: Transforms the "hard shell, soft interior" network into a resilient system with dynamic trust assessment—an architecture upgrade, not just a protocol supplement.

2. Response to Specific Comments

- Sec.8 Performance Overhead: Included as unaddressed latency/load may degrade availability or prompt disabling security controls, creating gaps—aligning with IETF’s focus on operational risks impacting security.
- Missing Reference Details: We have supplemented it in the new version.

3. Document Update

We’ve released a new version of the draft: draft-li-zt-consideration-01, which adds detailed descriptions of management plane risks (e.g., API/orchestration vulnerabilities) to strengthen the problem statement.
URL: https://www.ietf.org/archive/id/draft-li-zt-consideration-01.txt

Thank you again for your constructive feedback. We welcome further feedback on the updated draft.

Best regards,
Xueting
China Telecom
lixt2@foxmail.com

From: Muhammad Usama Sardar
Sent: 2025-12-31 16:31
To: Xueting Li; saag
Cc: wangaijun
Subject: Re: [saag] Reply: FW: Interests on Initiating the standardization work related to "Zero Trust"?

Hi Xueting and Aijun,

On 31.12.25 03:58, Xueting Li wrote:
> We warmly welcome your comments, suggestions, and involvement. Please feel free to share your feedback.

I appreciate that you warmly welcome further comments, but I kindly ask you to warmly address them as well.

How is it addressing my questions/concerns in [0]? In particular, see network infrastructure integrity [1]. Your goal seems to be "continuous, dynamic verification" which can be done by post-handshake attestation [2*].

Sec.8: I don't understand what performance overhead has got to do with security consideration?

References are missing important details, e.g., author names and links.

And why is it standards track?

-Usama

[0] https://mailarchive.ietf.org/arch/msg/saag/5yJGI21NKtUz18jD-AQbF7pJdok/
[1] https://www.ietf.org/archive/id/draft-mihalcea-seat-use-cases-00.html#section-3.3
[2*] https://tls-attestation.github.io/exported-attestation/draft-fossati-seat-expat.html

* Apologies for mentioning the editors' draft. We will roll out the updates in the corresponding draft early next year.