IETF Logo Mail Archive

[Teas-ns-dt] Security, and especially encryption.

Eric Gray <eric.gray@ericsson.com> Thu, 14 May 2020 17:42 UTC

Return-Path: <eric.gray@ericsson.com>
X-Original-To: teas-ns-dt@ietfa.amsl.com
Delivered-To: teas-ns-dt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D60A3A0C98 for <teas-ns-dt@ietfa.amsl.com>; Thu, 14 May 2020 10:42:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.273
X-Spam-Level:
X-Spam-Status: No, score=-2.273 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.173, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V8NDK-TA-6aS for <teas-ns-dt@ietfa.amsl.com>; Thu, 14 May 2020 10:42:29 -0700 (PDT)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2052.outbound.protection.outlook.com [40.107.223.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16D943A0CB5 for <teas-ns-dt@ietf.org>; Thu, 14 May 2020 10:42:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A4/5jaqYIpA/RuBaJsyTlkawXOwt7DlxKd03KbI0lH9Y6+MM1KdlaoyakNgNUnPky8XRzstpKkCSVYFxLToaVCn1Pd7+Hu0Fkoe7bTpSjoAf1dLmzBfca5Aqu7lyIBxt+HrD+akpZmV1TAEcWX/WodWS+mo2kwKnabCRIxrSSI17MnsIffFMNwR1/ZrHZTmDux3MQ/okLVQbhNZhrplFzj3WC2ztFSf66sAZlS86du5LgEv5pLv7gvadeZQ3fsFiTZdwh9DLaA/ZG0VzLEM9siWQE9FrKDuZ5z3r+kHUtvUAqbbIHiqfMhN09aXTi6Y4hE4FNiL8ZgaYNzuEascVnw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=X077w1oI19Z22/8W0RZ/kJ/3zULeOtmaPQCYrUZnA2E=; b=N7HttN0WXhuLylH3L/Y2C03Fk3cRf0FETCuy6Fw7+UJl/W8icfhvSRG4YXJsOQ9tqzM3p/YiB3vnQrTH6SEEbWiqHRzeXc30FKXrFBj+tHkUlqesqhSpuyEH0wQOAo19u2nISxIgFqLg9RJh8/1E49w3rMPSqcSDtLyYOfaYWX/Yk5ZnsbSVYT9fRxZW3gytofr72UohuiWhNtKBKzWc1fLe2+JKyiUxsyDVe+jw2Xzz/0Kcyj+rGummCRTTiH5kC7wOXDlDkPGXfq/i+vNPO5nMwZzFW3lSTTI+sQ2lMloCx+uQEOpYV8ZexaaZjcPK54fHHZ3QQNfjixbgNhmyEg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=X077w1oI19Z22/8W0RZ/kJ/3zULeOtmaPQCYrUZnA2E=; b=HCybfiMTXET0nH4sM2lxlHa8u/VMdo+GwAEtPjSLJcuKdqydvE1k+gcwm5Aq8RxB5pAITrDYdcOcjwQhauAMm5T7HXJ+j9wRt/krI1rHtr0onbBVCFAlr3ESe+broB3WS1oBHdqUsjLV66oFW0VMlHeLUTWCmZJ6NwJC7spXck0=
Received: from MN2PR15MB3103.namprd15.prod.outlook.com (2603:10b6:208:f9::10) by MN2PR15MB3327.namprd15.prod.outlook.com (2603:10b6:208:fd::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3000.20; Thu, 14 May 2020 17:42:18 +0000
Received: from MN2PR15MB3103.namprd15.prod.outlook.com ([fe80::38fe:2984:60e3:3ad]) by MN2PR15MB3103.namprd15.prod.outlook.com ([fe80::38fe:2984:60e3:3ad%5]) with mapi id 15.20.3000.022; Thu, 14 May 2020 17:42:18 +0000
From: Eric Gray <eric.gray@ericsson.com>
To: 'Jeff Tantsura' <jefftant.ietf@gmail.com>
CC: "teas-ns-dt@ietf.org" <teas-ns-dt@ietf.org>
Thread-Topic: Security, and especially encryption.
Thread-Index: AdYqCWpezdtTl7i5RPW/3KCwm2A3FA==
Date: Thu, 14 May 2020 17:42:18 +0000
Message-ID: <MN2PR15MB3103B30D3D80626371C241B497BC0@MN2PR15MB3103.namprd15.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [129.192.79.10]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d63e7dae-767b-4725-3a5e-08d7f82e2630
x-ms-traffictypediagnostic: MN2PR15MB3327:
x-microsoft-antispam-prvs: <MN2PR15MB3327FBAC91F66A264AB18D5F97BC0@MN2PR15MB3327.namprd15.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 040359335D
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /+Z2FO0KOtjadr0HIdo/7J35t8xEc3s91RaWa6g9xBYzbP+io9Z/Yh7EHXZJmoLFwrr2BmhDm+TwTVR38Aikv4Q5V4ftRWFtlzYOumPjDTehoxXH2u1ZEq+2NFibogJHCnd0dHu+44ttMeyTxnZ4+gBT8wNkgbUe1mC3XCcjtmNXgvEzbC4t7yktcvO0+eTgocVurl7TGPETmZaueiw5DefNYL05Sdwftl5OEEttMdGQYcQ99icEOqpKNWEwOQNeJvZunKanDVCISBcSedIAF3D05yYtqWSmXvIYkIjwDXCEml9WlH22qGcbRtzfYUA5hGkTXybIZ2ygXp/f0X9aphjxxbv+Fd/ct5+9My7AmRhbeTL+TlKFyuCRcJG1crcCS++m1f6yt+wu80v2FO+YuZIUs8w7xdoC2vFQ159cOQR4/dHB+60vk7G1vpFJb7tS
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR15MB3103.namprd15.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(376002)(346002)(366004)(396003)(136003)(39860400002)(2906002)(186003)(76116006)(66446008)(6916009)(86362001)(316002)(66946007)(66476007)(8676002)(64756008)(5660300002)(15650500001)(66556008)(71200400001)(8936002)(478600001)(4326008)(55016002)(26005)(33656002)(6506007)(52536014)(44832011)(9686003)(7696005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 8W2eLFJELdzoSkwhfkd+17Od6erq/J8pTlYlfZqlOMB+9kEBYDNw2dRXbluSxcIBrwndfKYWlhGvh7t/n7STJpd9DtGF1/dd+Rqm8NEgjeF6FDNir75BARCk4c6FKBGDbQYkCPBkmBfJQKmSPVJ3T7EN4aWdUkUyz7B2b416U7D/8kMoVZL5o23MpKWKYY4ZmMzH3A8G+XEUMvjjTHjwqcU7rR9Fe+F25sUZcO/t9CmIzZiPnKgM7Jd3lDF9ZL+pLgOntG0dHieQNa6gaEPEdiiygRA0CpE17P8435waD0rTkkEmIdIIxVnys7MxN16tERJd3MdCsVH1vv8JExnS8Fs2em/+Hrfy5s2a6A6EuEf9F7pxcJjNguRz+K4ZMJ/ffH0ksvQiYpQutEIoZdYNlAGIqX23cAqIEAUxKqw04S+kNjyGnx2l3VTmLhREK2uoW9nfTOboUuJE3/6ztlH/789aiSO70e/UJ/8fC7/V2gA=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR15MB3103B30D3D80626371C241B497BC0MN2PR15MB3103namp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d63e7dae-767b-4725-3a5e-08d7f82e2630
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 May 2020 17:42:18.8273 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pfP/QFORdxlDqL3SmbtukULB3nTQL8bBafCiQiJTf0XqI/PLKAnq9847l+/P08DETLm4k3OTjBWYPIsjGdifag==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR15MB3327
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas-ns-dt/JvtOJ9V2_WIb5vSTWTlPdhoQTv0>
Subject: [Teas-ns-dt] Security, and especially encryption.
X-BeenThere: teas-ns-dt@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TEAS Network Slicing Design Team <teas-ns-dt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas-ns-dt>, <mailto:teas-ns-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas-ns-dt/>
List-Post: <mailto:teas-ns-dt@ietf.org>
List-Help: <mailto:teas-ns-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas-ns-dt>, <mailto:teas-ns-dt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2020 17:42:39 -0000

Jeff,

I agree that a user may ask (or, if they are big enough, insist) that a provider encrypts their data.

However, as I said during the meeting, either a user encrypts their own data, or they have no way to determine that it is not encrypted - other than through some failure scenario where their data appears (in unencrypted form, or "plain text") somewhere where it should not have.

If we allow that "detection" of non-performance on some service objective may occur in any failure scenario, then we cannot immediately distinguish the case where the provider intended to meet the criteria and the mechanism used (e.g. - encryption) failed, from a case where the provider did not take any steps to meet the criteria (again, encryption of the data) and this was only discoverable as a result of some other uncommon failure (e.g. - the unencrypted data was intercepted by some third party, or was stored in unencrypted format in some location which was subsequently accessed by an unauthorized entity).

If the data is "leaked" in unencrypted form in some extremely uncommon cases, it is not actually possible to determine if that was because it was never encrypted, or if it was only exceptionally unencrypted.

In this sense, a user requesting encryption is essentially saying "if the service can do so, I would like my data encrypted."  That is, while I agree that we may want to include this as a parameter in the NBI (I suggest that is a bad idea), it would be unenforceable (except via legal recourse, and auditing).

And it is not actually the best way to represent what the customer really wants.

It is far more useful for the consumer to indicate their preference that their data is protected (in some way), with some degree of confidence (up to and including 100%) from exposure to unauthorized parties.

As a separate, out of scope in this work, issue - legal documents (e.g. - an SLA) may explicitly stipulate remedies and recourses.  IETF does not specify these

Many providers may find it simply easier to allow customers to request their data is encrypted - especially if their network equipment includes the capability at a relatively low cost (e.g. - no perceptible impact on traffic handling).  But that does not mean this is the only (or even necessarily the best) way to provide the data protection that a user requested.

Encryption, by the way, does not (by itself) ensure that a customer's data is completely protected (which is another reason for the customers to ask for what they really want), because - if the provider is doing the encryption and decryption themselves, there are two (or more) points at which the data exists in the provider's network equipment in an unencrypted form.

Note that - if a provider really wants to use encryption to meet the data protection requirement - there is actually no reason why a "higher layer" controller cannot translate a request for data protection at some (possibly variable) level of confidence into an explicit request to an NBI.

Another reason to list this as distinct "protection" and "confidence" factors (as opposed to a simple "encrypt my data" factor) is that additional degrees of confidence are achievable.  For instance, a provider  might choose to deploy a more expensive device on a customer's premises that does whatever it is that the provider chooses to use for protecting the customer's data (e.g. - encryption) using a platform that is explicitly hardened against unauthorized access and/or hacking (possibly using more sophisticated algorithms).

As it is, the current "Security" objective conflates multiple security aspects - of which data protection is but one.

--
Eric

v2.23.0 | Report a Bug | By Email