Re: [I2nsf] questions about draft-hares-i2nsf-ssls

Robert Moskowitz <rgm-ietf@htt-consult.com> Fri, 14 July 2017 05:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/-1JU5n_hLgH-9UbPdo-EpFdrnro>

Linda,

One of the drafts did not make it to the ID pub deadline.  Sue will push 
that out when things open again.

We split the actual SSLS spec separate from its I2NSF usage.

See draft hares-ssls for the actual API.

The new draft-hares-i2nsf-ssls calls out using SSLS between an I2NSF 
client and server.  The I2NSF app calls the API to first use the SSLS 
control channel to establish the session parameters between C&S, then 
calls to the API just use these established parameters to control how 
the session acts.  So far, only HIP has been defined as a control 
channel.  Others are possible.

The SSLS works with whatever transport service (TCP, UDP, SMS, CAN FD, 
etc.) available.  The transport decision is made by the session service 
based on what it determines is available and workable.

Bob


On 07/14/2017 12:23 AM, Linda Dunbar wrote:
>
> Sue and Robert,
>
> When you say “..DDoS attack to I2NSF agent”, do you mean the entity 
> (such as the Admin) that issues policies to the Controller is under 
> DDoS attack?
>
> Each I2NSF agent and I2NSF client needs to provide application level
> support for management traffic during periods of DDoS and network
> security attacks to deal with congestion (burst and/or continuous),
> high error rates and packet loss due to the attacks, and the
> inability to utilize a transport protocol (E.g. TCP) due to a
> specific protocol attack.
>
> Do the SSLs in your draft refer to the SSL between I2NSF client and 
> agent?
>
> When you say APIs to application, who is issuing the APIs and who is 
> receiving the APIs?
>
> Thank you very much.
>
> Linda Dunbar