Re: [Teas-ns-dt] Security, and especially encryption.
Jeff Tantsura <jefftant.ietf@gmail.com> Thu, 14 May 2020 20:42 UTC
Return-Path: <jefftant.ietf@gmail.com>
X-Original-To: teas-ns-dt@ietfa.amsl.com
Delivered-To: teas-ns-dt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B16173A08BB for <teas-ns-dt@ietfa.amsl.com>; Thu, 14 May 2020 13:42:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vI18OW1gNJcN for <teas-ns-dt@ietfa.amsl.com>; Thu, 14 May 2020 13:42:27 -0700 (PDT)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 49FCA3A08BA for <teas-ns-dt@ietf.org>; Thu, 14 May 2020 13:42:27 -0700 (PDT)
Received: by mail-pl1-x634.google.com with SMTP id b8so1655417plm.11 for <teas-ns-dt@ietf.org>; Thu, 14 May 2020 13:42:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:message-id:in-reply-to:references:subject :mime-version; bh=X4+7vj+ndv4Y/4q1in5SSm+jOqbrmE75x4HWOoNdcME=; b=EOrPeNswhoITDZKlcLDPzehqKF9yy6yM6Rwy5LHKjj1uocjjA9v+qeJZLOWhur87HC 8MqQ8/2kPSztk4UhcknqmfmgComPyWGZk5nQsk8gIvmmRRh9kxLajLHYeB2ggLuitBu9 cGsCCWDSv7NSOAMoHDoA78rWWxHn/m/FOglstPn0Y893Lu3rCJbgpKVfjPyDikED3Cpg okQ2yn/KnBWpbRaAj+fCiJCRJOFSwJ9WAu2XNmHGH3dZIlZCS5V37t6vOuv0XKVq6yND IbAjfggBMsp/odL40phnMbdbOEt5NyxdGndAkuew4DykzpIa1i0HTk9Vz5YmvJzaT0pp vpow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:message-id:in-reply-to :references:subject:mime-version; bh=X4+7vj+ndv4Y/4q1in5SSm+jOqbrmE75x4HWOoNdcME=; b=FHkvbtKY0EV92M/kQWlhwnyY/f+pUmDqrLsDWyVdCNpjYWXUaJKarhFoDnD9SJMpxO 1QOifXJW4jvS4o9/SfMT/z2Om5Vbc6XMTytFAdEWgQfUoWjvvgv1OkhRrj+Y2BJxy5vC kfj1uIIiDB37gJhJCse069tXG0P1mUWYvoSe3zYJ5kmjdf+anUNmJcJpeEpg8OtIiBvZ 3wdu9Lx8F870hpy+04SC9+TGFnz3XfIn49GR1JOlOa6tnTMPfOFMsKIC0BppVDKiUf2i EsrBRg440nTPt1ZxHnIwr932rvSiqjw61H3Lfh10kYVojMdSBZm0IR+cAOE61ezxEagR sM2g==
X-Gm-Message-State: AOAM531/hpTocSkhb4uaAPjRtmw/G0J/S1Am5Vh+ljpgoABi/v3Pe9Dq lynKYcSYt7+9xhl6dCe1dU0=
X-Google-Smtp-Source: ABdhPJzh2KAkur5bGziyFm7EeB7C9toVIjqwDy9x2oOWZi3gEYeDIocr2JKAP5DDjZsBNgoXE1euHQ==
X-Received: by 2002:a17:90a:c795:: with SMTP id gn21mr4713266pjb.226.1589488946557; Thu, 14 May 2020 13:42:26 -0700 (PDT)
Received: from [192.168.1.4] (c-73-63-232-212.hsd1.ca.comcast.net. [73.63.232.212]) by smtp.gmail.com with ESMTPSA id y186sm78979pfy.66.2020.05.14.13.42.25 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 14 May 2020 13:42:25 -0700 (PDT)
Date: Thu, 14 May 2020 13:42:19 -0700
From: Jeff Tantsura <jefftant.ietf@gmail.com>
To: Eric Gray <eric.gray@ericsson.com>
Cc: "teas-ns-dt@ietf.org" <teas-ns-dt@ietf.org>
Message-ID: <f2c245ce-a455-4348-a722-84471b0534fa@Spark>
In-Reply-To: <MN2PR15MB3103B30D3D80626371C241B497BC0@MN2PR15MB3103.namprd15.prod.outlook.com>
References: <MN2PR15MB3103B30D3D80626371C241B497BC0@MN2PR15MB3103.namprd15.prod.outlook.com>
X-Readdle-Message-ID: f2c245ce-a455-4348-a722-84471b0534fa@Spark
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="5ebdad30_dcdf8f6_658"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas-ns-dt/flHCPR3DJ2hhtwImymTwGHaalPQ>
Subject: Re: [Teas-ns-dt] Security, and especially encryption.
X-BeenThere: teas-ns-dt@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TEAS Network Slicing Design Team <teas-ns-dt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas-ns-dt>, <mailto:teas-ns-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas-ns-dt/>
List-Post: <mailto:teas-ns-dt@ietf.org>
List-Help: <mailto:teas-ns-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas-ns-dt>, <mailto:teas-ns-dt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2020 20:42:31 -0000
Eric, Users are not just asking “random stuff”, end2end encryption is a basic feature of a SSLA (secure SLA). This is not about user observability (user can’t observe disjoined paths or similar features either) but a capability of expressing particular logic in an NBI and ability of the provider to deliver it, there’s also no “confidence factor” it is binary, the service is either provided or it is not. The service (TS in our case) as defined by a provider and as consumed by a consumer is a combination (logical AND) of a set of features, all of which has to be true is order for the service fulfillment to be successful. Provider “doesn’t just want” to provide encryption as a service (it costs in OPEX and CAPEX) it is a value add service that could be delivered to a consumer as a distinct advantage ( in a competitive market) or against additional payment. Note - end2end encryption for compliance reasons (e.g PCI, HIPAA, similar) if required is not optional Cheers, Jeff On May 14, 2020, 10:42 AM -0700, Eric Gray <eric.gray@ericsson.com>, wrote: > Jeff, > > I agree that a user may ask (or, if they are big enough, insist) that a provider encrypts their data. > > However, as I said during the meeting, either a user encrypts their own data, or they have no way to determine that it is not encrypted – other than through some failure scenario where their data appears (in unencrypted form, or “plain text”) somewhere where it should not have. > > If we allow that “detection” of non-performance on some service objective may occur in any failure scenario, then we cannot immediately distinguish the case where the provider intended to meet the criteria and the mechanism used (e.g. – encryption) failed, from a case where the provider did not take any steps to meet the criteria (again, encryption of the data) and this was only discoverable as a result of some other uncommon failure (e.g. - the unencrypted data was intercepted by some third party, or was stored in unencrypted format in some location which was subsequently accessed by an unauthorized entity). > > If the data is “leaked” in unencrypted form in some extremely uncommon cases, it is not actually possible to determine if that was because it was never encrypted, or if it was only exceptionally unencrypted. > > In this sense, a user requesting encryption is essentially saying “if the service can do so, I would like my data encrypted.” That is, while I agree that we may want to include this as a parameter in the NBI (I suggest that is a bad idea), it would be unenforceable (except via legal recourse, and auditing). > > And it is not actually the best way to represent what the customer really wants. > > It is far more useful for the consumer to indicate their preference that their data is protected (in some way), with some degree of confidence (up to and including 100%) from exposure to unauthorized parties. > > As a separate, out of scope in this work, issue – legal documents (e.g. – an SLA) may explicitly stipulate remedies and recourses. IETF does not specify these > > Many providers may find it simply easier to allow customers to request their data is encrypted – especially if their network equipment includes the capability at a relatively low cost (e.g. – no perceptible impact on traffic handling). But that does not mean this is the only (or even necessarily the best) way to provide the data protection that a user requested. > > Encryption, by the way, does not (by itself) ensure that a customer’s data is completely protected (which is another reason for the customers to ask for what they really want), because – if the provider is doing the encryption and decryption themselves, there are two (or more) points at which the data exists in the provider’s network equipment in an unencrypted form. > > Note that – if a provider really wants to use encryption to meet the data protection requirement – there is actually no reason why a “higher layer” controller cannot translate a request for data protection at some (possibly variable) level of confidence into an explicit request to an NBI. > > Another reason to list this as distinct “protection” and “confidence” factors (as opposed to a simple “encrypt my data” factor) is that additional degrees of confidence are achievable. For instance, a provider might choose to deploy a more expensive device on a customer’s premises that does whatever it is that the provider chooses to use for protecting the customer’s data (e.g. – encryption) using a platform that is explicitly hardened against unauthorized access and/or hacking (possibly using more sophisticated algorithms). > > As it is, the current “Security” objective conflates multiple security aspects – of which data protection is but one. > > -- > Eric
- [Teas-ns-dt] Security, and especially encryption. Eric Gray
- Re: [Teas-ns-dt] Security, and especially encrypt… Jeff Tantsura
- Re: [Teas-ns-dt] Security, and especially encrypt… Eric Gray
- Re: [Teas-ns-dt] Security, and especially encrypt… Jeff Tantsura