IETF Logo Mail Archive

Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Fri, 21 October 2016 00:55 UTC

Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA8AF129451 for <i2nsf@ietfa.amsl.com>; Thu, 20 Oct 2016 17:55:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.689
X-Spam-Level:
X-Spam-Status: No, score=-2.689 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_HK_NAME_FM_MR_MRS=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u19ROEtu6n_V for <i2nsf@ietfa.amsl.com>; Thu, 20 Oct 2016 17:55:28 -0700 (PDT)
Received: from mail-yw0-x232.google.com (mail-yw0-x232.google.com [IPv6:2607:f8b0:4002:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40F3A127735 for <i2nsf@ietf.org>; Thu, 20 Oct 2016 17:55:28 -0700 (PDT)
Received: by mail-yw0-x232.google.com with SMTP id u124so77511476ywg.3 for <i2nsf@ietf.org>; Thu, 20 Oct 2016 17:55:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=atbqtt0gm1OFK7stNIaoBBVH2/PEBaHkQiHWwUBjqeo=; b=cIb+jSi7hxX73DcwLE0GFtvOzS2jx89L6zK7JJMy4XIoJ/m6MlzG+sy2O35A+Cx1QL 6Dnc5UlYPkczIBPR3LcAfG+Cz4dcM5YeuD85Fkq3dmupS0c6hJuRmKhy2QvwX5J4CJPU IAsFq8sVCW8TD4MthRQvQmPfZJcglvp/fgk7L5Sc9YLD59YRcT2GRVWMyCt4JrJqKCYr 9yvaEoGdFj0VEepz7SHmXGa/+x2W8aSLftCawY+l6eLTp6/J7Ust+AN8FG3agzyqwmPk Ec53hZu+wAwYLr9jsZIE/Nnk3W9Ttk/rkS94k6OevKsYYhQrpdjNua4wZ7wu3ic71pQv retg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=atbqtt0gm1OFK7stNIaoBBVH2/PEBaHkQiHWwUBjqeo=; b=UKnVljoavscCvloVJekLIIqSOl2dtlzB2cO7iLNioxd8RhPK8dlxYTYjBRF1RwB/9f faTxaH2uUPWgTbQdrOMqCUoGhAy0Rp79NsglEv5cmUMbb+ND9nJQ5BuVhkFlbkCQyPrs IrqGd3ZU/M43qDUlRHHan8j7oDj/bFirmh3U/vDEVJxYKJmigPr/xtnMFcSpRdbWxhDK 0dSw6dBxbFuMD2tKq393UisdbXXt+tUMjouUJoYGYzbiSLWZH+PyrkL609J/fH6XJZjD umpNXsfTITdqkBYRBIFUS8MXh7NUgTKHx9Dq1beo66sJyEBFaSf7718jF6RyfuzV+Teu h6bg==
X-Gm-Message-State: AA6/9RlISZCNbfblO8nNotTmD9o1q3Q0V4ChBqKfcqn6tSb5/k2ATVYPGHQaUKE+DMqBpfQ8TQZRjAEd4g1qxg==
X-Received: by 10.129.159.15 with SMTP id w15mr4870620ywg.240.1477011327347; Thu, 20 Oct 2016 17:55:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.165.18 with HTTP; Thu, 20 Oct 2016 17:54:56 -0700 (PDT)
In-Reply-To: <CAPK2Dezb0YMYwKwL6egygGwz8vMKC2iAxswrpgETM-YH9RowSA@mail.gmail.com>
References: <4A95BA014132FF49AE685FAB4B9F17F657F4EE78@dfweml501-mbb> <CAPK2Dezb0YMYwKwL6egygGwz8vMKC2iAxswrpgETM-YH9RowSA@mail.gmail.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Fri, 21 Oct 2016 09:54:56 +0900
Message-ID: <CAPK2Dey5_NTS+oum2u0E9bTAxYRFFbKCikogKYdbk4v1nUrAxg@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@huawei.com>
Content-Type: multipart/related; boundary="94eb2c0bd9107f9ef0053f557fa1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/0WiGCChgL94o5KHTK9xSJsvCo6k>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, "Prof. Hyoungshick Kim" <hyoung@skku.edu>, "Pauljeong@skku.edu" <Pauljeong@skku.edu>, skku_secu-brain_all@googlegroups.com
Subject: Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 00:55:31 -0000

Hi Linda,
Are you agreeing at merging our draft
(draft-kim-i2nsf-security-management-architecture-02)
into draft-ietf-i2nsf-framework-03?

Thanks.

Best Regards,
Paul

On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong <
jaehoon.paul@gmail.com> wrote:

> Hi Linda,
> As a coauthor of this draft, I will answer your questions inline below.
>
> On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar <linda.dunbar@huawei.com>
> wrote:
>
>> Hyoungshick, et al,
>>
>>
>>
>> How would you position your draft-kim-i2nsf-security-management-architecture-01
>> with regard to the I2NSF framework draft? I find there are  a lot of
>> duplicated content to the I2nsf framework draft.
>>
>
>  [Paul] We would like to merge our draft into the i2nsf framework draft
>  because our draft has one depth more detailed architecture.
>  This detailed architecture will be helpful to implement the i2nsf
> framework.
>
>
>>
>> There are some differences,  such as the following: Are you trying to
>> define how “security policy” is structured?
>>
>>
>>
>>
>>
>  [Paul] Our architecture allows an NSF to update a low-level policy and
> apply it to the related high-level policy
>  via the control path of Security Controller and Policy Collector (renamed
> Event Collector in version 02) in Figure 1
>  of our version 02:
>  https://tools.ietf.org/html/draft-kim-i2nsf-security-
> management-architecture-02
>
>  For example, if an NSF of firewall detects a new DoS-attack host, it
> reports the updated blacklist having
>  the IP address of such a host to Application Logic in I2NSF Client via
> Security Controller and Event Collector.
>  Application Logic asks Policy Updater to disseminate the updated
> blacklist to the security controllers
>  under the administration of the same I2NSF Client.
>
>
>> Will the “High Level security management” eventually lead to Client
>> Facing Policy data models?
>>
>
>  [Paul] Yes, as explained above, the High-level security management leads
> to update and handle Client facing policy
>  data models.
>
>>
>>
>> Do you plan to define interfaces between all those components depicted in
>> Figure 1?  The interfaces between some of those components are not really
>> in the I2NSF WG current charter, such as “Security Policy Manager” <-> “NSF
>> Capability Manager”,  or the interface between “Application Logic” <->
>> “Policy Updater”.
>>
>
>  [Paul]  Yes, we have a plan to define such interfaces.
>
>
>>
>> Are those components in your current implementation? Is it like an
>> “example of one implementation”?
>>
>
>  [Paul] Though those components are not fully implemented yet in our
> implementation, my team at SKKU
>  will make implement those components in a later version.
>
>  Thanks for your clarification questions.
>
>  Best Regards,
>  Paul
>
>
>>
>>
>>
>>
>> Thanks, Linda
>>
>> _______________________________________________
>> I2nsf mailing list
>> I2nsf@ietf.org
>> https://www.ietf.org/mailman/listinfo/i2nsf
>>
>>
>
>
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Assistant Professor
> Department of Software
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
> <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>



-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>

v2.23.0 | Report a Bug | By Email