[Secdispatch] Secure routing email list presentation

Meiling Chen <chenmeiling@chinamobile.com> Fri, 11 November 2022 01:21 UTC

Date: Fri, 11 Nov 2022 09:21:11 +0800
From: Meiling Chen <chenmeiling@chinamobile.com>
To: secdispatch <secdispatch@ietf.org>
Cc: suli <suli@chinamobile.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/hk4I6lHGq4NgJVQnPr4IfBhlI3k>
Subject: [Secdispatch] Secure routing email list presentation

Hi all,
I'm sorry I missed the time of the presentation. Please allow me to show it through the mailing list.

1. What does secure routing do?
Provide security services for user link transmission.

2. Why is secure routing required?
To network operators:
Provide users with differentiated security capabilities/services.
Network defense: reduce malicious users' attacks on the network.
To users:
Select the network path according to the business security requirements.

3. Why can't the existing technology do Secure Routing?
The management and use of existing security devices are separated from the IP network;
Network routing strategy is independent of security.

4. What security capabilities are provided?
Anti-DDoS
IPS
IDS
...

The capabilities of existing security products are classified into 23 security capability categories according to the IPDRR model.
https://datatracker.ietf.org/doc/draft-chen-atomized-security-functions/

5. What to do for Secure Routing
Get the node's security capability information
Form routing path according to user security requirements
Issue the routing path, which is implemented through routing programming

6. How to get a node's security capabilities?
Extend the BGP-LS (RFC 7752) protocol to carry the security capabilities of the node by Type Node, Link, Prefix.

7. To provide external security services, we need a complete set of processes:
step 1: collect the nodes' security capabilities
step 2: initial configuration on security devices
step 3: distribute routing path
Then when an attack occurs, security defense can be triggered.

8. What to do next?
Secure routing is an implementation of built-in security, which is our most important direction.
This topic has no suitable WG in the Security Area. Can a new working group be formed? What should we do? This topic needs more discussion.

Your suggestions are very important. Please feel free to comment.

Best,
Meiling
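
As an added illustration of items 5 to 7 above (not part of the original message or of the referenced draft), the Python sketch below forms a path from collected node capabilities and a user's security requirements. It assumes a requirement is met when the nodes on the path together provide every requested capability; the topology, node names, and capability assignments are constructed.

```python
import heapq

# Constructed topology: node -> {neighbour: link cost}. Node names are hypothetical.
LINKS = {
    "A": {"B": 1, "C": 4},
    "B": {"A": 1, "C": 1, "D": 5},
    "C": {"A": 4, "B": 1, "D": 1, "E": 3},
    "D": {"B": 5, "C": 1, "F": 1},
    "E": {"C": 3, "F": 2},
    "F": {"D": 1, "E": 2},
}
# Constructed capability table, standing in for what step 1 would collect.
CAPS = {"A": set(), "B": {"IDS"}, "C": set(),
        "D": {"Anti-DDoS"}, "E": {"IPS", "IDS"}, "F": set()}


def secure_path(src, dst, required, links=LINKS, caps=CAPS):
    """Cheapest src->dst path whose nodes together offer every required capability.

    Dijkstra runs over (node, capabilities covered so far) states rather than
    plain nodes, so the result may detour through, or revisit, a node in order
    to pick up a capability. Returns (cost, path), or None if no path qualifies.
    """
    required = frozenset(required)
    start = (src, required & caps[src])
    best = {start: 0}
    heap = [(0, 0, start, [src])]  # (cost, tie-breaker, state, path so far)
    tick = 0
    while heap:
        cost, _, (node, have), path = heapq.heappop(heap)
        if cost > best.get((node, have), float("inf")):
            continue  # stale queue entry
        if node == dst and have == required:
            return cost, path
        for nxt, weight in links[node].items():
            state = (nxt, have | (required & caps[nxt]))
            if cost + weight < best.get(state, float("inf")):
                best[state] = cost + weight
                tick += 1
                heapq.heappush(heap, (cost + weight, tick, state, path + [nxt]))
    return None  # no reachable set of nodes covers the requirement


if __name__ == "__main__":
    for req in (set(), {"IPS"}, {"IPS", "Anti-DDoS"}, {"WAF"}):
        print(sorted(req), "->", secure_path("A", "F", req))
```

The resulting node list is what step 3 would hand to the routing layer; a requirement that no collected node advertises yields no path rather than a silent fallback to the unprotected shortest route.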