Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Fri, 21 October 2016 00:55 UTC
Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA8AF129451 for <i2nsf@ietfa.amsl.com>; Thu, 20 Oct 2016 17:55:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level:
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_HK_NAME_FM_MR_MRS=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u19ROEtu6n_V for <i2nsf@ietfa.amsl.com>; Thu, 20 Oct 2016 17:55:28 -0700 (PDT)
Received: from mail-yw0-x232.google.com (mail-yw0-x232.google.com [IPv6:2607:f8b0:4002:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40F3A127735 for <i2nsf@ietf.org>; Thu, 20 Oct 2016 17:55:28 -0700 (PDT)
Received: by mail-yw0-x232.google.com with SMTP id u124so77511476ywg.3 for <i2nsf@ietf.org>; Thu, 20 Oct 2016 17:55:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=atbqtt0gm1OFK7stNIaoBBVH2/PEBaHkQiHWwUBjqeo=; b=cIb+jSi7hxX73DcwLE0GFtvOzS2jx89L6zK7JJMy4XIoJ/m6MlzG+sy2O35A+Cx1QL 6Dnc5UlYPkczIBPR3LcAfG+Cz4dcM5YeuD85Fkq3dmupS0c6hJuRmKhy2QvwX5J4CJPU IAsFq8sVCW8TD4MthRQvQmPfZJcglvp/fgk7L5Sc9YLD59YRcT2GRVWMyCt4JrJqKCYr 9yvaEoGdFj0VEepz7SHmXGa/+x2W8aSLftCawY+l6eLTp6/J7Ust+AN8FG3agzyqwmPk Ec53hZu+wAwYLr9jsZIE/Nnk3W9Ttk/rkS94k6OevKsYYhQrpdjNua4wZ7wu3ic71pQv retg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=atbqtt0gm1OFK7stNIaoBBVH2/PEBaHkQiHWwUBjqeo=; b=UKnVljoavscCvloVJekLIIqSOl2dtlzB2cO7iLNioxd8RhPK8dlxYTYjBRF1RwB/9f faTxaH2uUPWgTbQdrOMqCUoGhAy0Rp79NsglEv5cmUMbb+ND9nJQ5BuVhkFlbkCQyPrs IrqGd3ZU/M43qDUlRHHan8j7oDj/bFirmh3U/vDEVJxYKJmigPr/xtnMFcSpRdbWxhDK 0dSw6dBxbFuMD2tKq393UisdbXXt+tUMjouUJoYGYzbiSLWZH+PyrkL609J/fH6XJZjD umpNXsfTITdqkBYRBIFUS8MXh7NUgTKHx9Dq1beo66sJyEBFaSf7718jF6RyfuzV+Teu h6bg==
X-Gm-Message-State: AA6/9RlISZCNbfblO8nNotTmD9o1q3Q0V4ChBqKfcqn6tSb5/k2ATVYPGHQaUKE+DMqBpfQ8TQZRjAEd4g1qxg==
X-Received: by 10.129.159.15 with SMTP id w15mr4870620ywg.240.1477011327347; Thu, 20 Oct 2016 17:55:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.165.18 with HTTP; Thu, 20 Oct 2016 17:54:56 -0700 (PDT)
In-Reply-To: <CAPK2Dezb0YMYwKwL6egygGwz8vMKC2iAxswrpgETM-YH9RowSA@mail.gmail.com>
References: <4A95BA014132FF49AE685FAB4B9F17F657F4EE78@dfweml501-mbb> <CAPK2Dezb0YMYwKwL6egygGwz8vMKC2iAxswrpgETM-YH9RowSA@mail.gmail.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Fri, 21 Oct 2016 09:54:56 +0900
Message-ID: <CAPK2Dey5_NTS+oum2u0E9bTAxYRFFbKCikogKYdbk4v1nUrAxg@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@huawei.com>
Content-Type: multipart/related; boundary="94eb2c0bd9107f9ef0053f557fa1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/0WiGCChgL94o5KHTK9xSJsvCo6k>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, "Prof. Hyoungshick Kim" <hyoung@skku.edu>, "Pauljeong@skku.edu" <Pauljeong@skku.edu>, skku_secu-brain_all@googlegroups.com
Subject: Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 00:55:31 -0000
Hi Linda, Are you agreeing at merging our draft (draft-kim-i2nsf-security-management-architecture-02) into draft-ietf-i2nsf-framework-03? Thanks. Best Regards, Paul On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong < jaehoon.paul@gmail.com> wrote: > Hi Linda, > As a coauthor of this draft, I will answer your questions inline below. > > On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar <linda.dunbar@huawei.com> > wrote: > >> Hyoungshick, et al, >> >> >> >> How would you position your draft-kim-i2nsf-security-management-architecture-01 >> with regard to the I2NSF framework draft? I find there are a lot of >> duplicated content to the I2nsf framework draft. >> > > [Paul] We would like to merge our draft into the i2nsf framework draft > because our draft has one depth more detailed architecture. > This detailed architecture will be helpful to implement the i2nsf > framework. > > >> >> There are some differences, such as the following: Are you trying to >> define how “security policy” is structured? >> >> >> >> >> > [Paul] Our architecture allows an NSF to update a low-level policy and > apply it to the related high-level policy > via the control path of Security Controller and Policy Collector (renamed > Event Collector in version 02) in Figure 1 > of our version 02: > https://tools.ietf.org/html/draft-kim-i2nsf-security- > management-architecture-02 > > For example, if an NSF of firewall detects a new DoS-attack host, it > reports the updated blacklist having > the IP address of such a host to Application Logic in I2NSF Client via > Security Controller and Event Collector. > Application Logic asks Policy Updater to disseminate the updated > blacklist to the security controllers > under the administration of the same I2NSF Client. > > >> Will the “High Level security management” eventually lead to Client >> Facing Policy data models? >> > > [Paul] Yes, as explained above, the High-level security management leads > to update and handle Client facing policy > data models. > >> >> >> Do you plan to define interfaces between all those components depicted in >> Figure 1? The interfaces between some of those components are not really >> in the I2NSF WG current charter, such as “Security Policy Manager” <-> “NSF >> Capability Manager”, or the interface between “Application Logic” <-> >> “Policy Updater”. >> > > [Paul] Yes, we have a plan to define such interfaces. > > >> >> Are those components in your current implementation? Is it like an >> “example of one implementation”? >> > > [Paul] Though those components are not fully implemented yet in our > implementation, my team at SKKU > will make implement those components in a later version. > > Thanks for your clarification questions. > > Best Regards, > Paul > > >> >> >> >> >> Thanks, Linda >> >> _______________________________________________ >> I2nsf mailing list >> I2nsf@ietf.org >> https://www.ietf.org/mailman/listinfo/i2nsf >> >> > > > -- > =========================== > Mr. Jaehoon (Paul) Jeong, Ph.D. > Assistant Professor > Department of Software > Sungkyunkwan University > Office: +82-31-299-4957 > Email: jaehoon.paul@gmail.com, pauljeong@skku.edu > Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php > <http://cpslab.skku.edu/people-jaehoon-jeong.php> > -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Assistant Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: jaehoon.paul@gmail.com, pauljeong@skku.edu Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
- [I2nsf] questions about draft-kim-i2nsf-security-… Linda Dunbar
- Re: [I2nsf] questions about draft-kim-i2nsf-secur… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] questions about draft-kim-i2nsf-secur… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] questions about draft-kim-i2nsf-secur… Linda Dunbar
- Re: [I2nsf] questions about draft-kim-i2nsf-secur… Diego R. Lopez
- Re: [I2nsf] questions about draft-kim-i2nsf-secur… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] questions about draft-kim-i2nsf-secur… Rakesh Kumar
- Re: [I2nsf] questions about draft-kim-i2nsf-secur… Mr. Jaehoon Paul Jeong