[saag] Re: FW: Interests on Initiating the standardization work related to "Zero Trust"?

Xueting Li <lixt2@foxmail.com> Wed, 31 December 2025 02:58 UTC

Date: Wed, 31 Dec 2025 10:58:18 +0800
From: Xueting Li <lixt2@foxmail.com>
To: saag <saag@ietf.org>
CC: wangaijun <wangaijun@tsinghua.org.cn>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/hpQ__wy9MoFbVgX0ny-9m1zMToY>

Hi, all,
We have submitted an initial draft: draft-li-zt-consideration-00.
This document serves as a starting point to gather use cases, requirements, and challenges related to applying Zero Trust philosophy in network infrastructure―specifically addressing the limitations of perimeter-centric models and the need for in-network ZT deployment to mitigate internal threats.

We warmly welcome your comments, suggestions, and involvement. Please feel free to share your feedback.

Name:     draft-li-zt-consideration
Revision: 00
Title:    Consideration of Applying Zero Trust Philosophy in Network Infrastructure
Date:     2025-12-31
Group:    Individual Submission
Pages:    7
URL: https://www.ietf.org/archive/id/draft-li-zt-consideration-00.txt
Status: https://datatracker.ietf.org/doc/draft-li-zt-consideration/
HTMLized: https://datatracker.ietf.org/doc/html/draft-li-zt-consideration


Abstract:

   Network security has traditionally relied on a perimeter-centric
   model, assuming that traffic originating within the network can be
   implicitly trusted.  This model is fundamentally challenged by
   modern, highly distributed, and software-driven network environments
   where internal compromise is a realistic and high-impact threat
   scenario.  This document examines the critical limitations of edge-
   only network protection and the systemic risks that arise from
   insufficient internal validation.  Once the network perimeter is
   bypassed, the absence of internal protection mechanisms facilitates
   rapid lateral movement, impersonation of network entities, and
   interference with critical control and management functions.  The
   document argues that Zero Trust (ZT) principles, which mandate
   continuous, dynamic verification of all entities and communications
   regardless of network location, are necessary to address contemporary
   threat models.  Deploying ZT-aligned network protection mechanisms
   beyond the network edge is essential to build resilient,
   controllable, and trustworthy networks.


Best regards
Xueting 


lixt2@foxmail.com
 
From: Aijun Wang
Sent: 2025-12-31 09:58
To: 'Xueting Li'
Subject: FW: [saag] Interests on Initiating the standardization work related to "Zero Trust"?
 
 
From: forwardingalgorithm@ietf.org [mailto:forwardingalgorithm@ietf.org] On Behalf Of Aijun Wang
Sent: Wednesday, December 17, 2025 9:51 AM
To: saag@ietf.org
Cc: 'Benfeng Chen' <benfeng@gmail.com>; 'Erik Johnson' <ejohnson@cloudsecurityalliance.org>; uri@ll.mit.edu; six1@chinatelecom.cn; liux15@pcl.ac.cn; 'Hillary Baron' <hbaron@cloudsecurityalliance.org>; 'Aijun Wang' <wangaj3@chinatelecom.cn>
Subject: [saag] Interests on Initiating the standardization work related to "Zero Trust"?
 
Hi, All:
 
As some of you may be aware, we have held two side meetings regarding the topic of “zero trust” at the past IETF 123 and 124 meetings.
In these side meetings, we discussed mainly the problem statements regarding “zero trust” and some potential solutions.
 
Now, we want to seek more feedback or interest on this topic, and plan to organize another side meeting or, if possible, one non-WG-forming BoF at the coming IETF 125 meeting.
 
Then, if you are interested in this topic and would like to contribute your thoughts, please feel free to express your support.
If you have any questions on this direction, you can also comment on this thread.
 
We will ask our ADs to build one dedicated mailing list for further/deeper discussions if there is enough interest in this topic (after the coming Christmas holiday).
 
Now, we are collaborating with the “Zero Trust” working group (Zero Trust Working Group | CSA - Cloud Security Alliance) in CSA to forward these activities.
 
Best Regards
 
Aijun Wang
China Telecom