Re: [I2nsf] Security for security :-)

Rakesh Kumar <rkkumar@juniper.net> Wed, 02 November 2016 19:06 UTC

From: Rakesh Kumar <rkkumar@juniper.net>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, "draft-ietf-i2nsf-client-facing-interface-req@ietf.org" <draft-ietf-i2nsf-client-facing-interface-req@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/2IL2MqBQtppzRoDIimVed9ls930>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>

Hi Adrian,

Thanks for pointing this out.
We will look into this and make changes.


Regards,
Rakesh

On 11/2/16, 11:33 AM, "Adrian Farrel" <adrian@olddog.co.uk> wrote:

    Hi,
    
    Looking at draft-ietf-i2nsf-client-facing-interface-req I think it may be
    lacking some discussion of security for the interface itself.
    
    I think sections 4.2 through 4.5 cover some of this. But maybe there should also
    be something in section 5?
    
    A really good prompt for things you might need to cover is RFC 3552. Have a look
    and see whether it causes any ideas.
    
    Additionally, you will require a "Security Considerations" section. *If* you
    have everything covered elsewhere this section can be a summary of issues and
    resolutions complete with pointers to the relevant sections.
    
    Thanks!
    
    Adrian