IETF Logo Mail Archive

Re: [I2nsf] AD Review of draft-ietf-i2nsf-capability-data-model-05

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Wed, 13 May 2020 01:14 UTC

Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 741523A0AE0 for <i2nsf@ietfa.amsl.com>; Tue, 12 May 2020 18:14:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HK_NAME_FM_MR_MRS=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oTJBLkhEzftb for <i2nsf@ietfa.amsl.com>; Tue, 12 May 2020 18:14:46 -0700 (PDT)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 173763A0ADD for <i2nsf@ietf.org>; Tue, 12 May 2020 18:14:46 -0700 (PDT)
Received: by mail-lj1-x22c.google.com with SMTP id g1so9923419ljk.7 for <i2nsf@ietf.org>; Tue, 12 May 2020 18:14:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=oUB9GjVPRE+JuIEZY6cLDQaxVKrZSh1X+72z1D0BwMk=; b=g/DJJ+XRrsaEwH5YPzWzucHjcVd3Afj3ReyyLDPDU6jQC5tul/FcXb+CEerlGOpXoS djqmMbZFWJW1lUOL9rn49D+WgMaVYpvXIGPhLTUBG5UHHpkdGnD1amnufzhn6+NLjY9e qxvf1nW7l46E+m0UFZXF5iBOpp3UAKOPWvdvX/p85SL441VNXSWPfiDBZvDhH+28Hu9R a/IMz+6LbYth/hLRqlZjmjkuOTlOdIwvmsiR458MS4IBWPkvju8vtIDG8oWOb2SlnqHD pAb7Vq9C5Ki5NDjfW/xt+NTNmqgEwx6g9Q1ix5XajXDJy4itQK3Te3hO3PrzN9Vfd1mh QWOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=oUB9GjVPRE+JuIEZY6cLDQaxVKrZSh1X+72z1D0BwMk=; b=lhYT65Dn7GPOeVBa0ucaq2ZN3d5xHzUkkacHJ1j0lxsNcveRZcd2f3pywd0lU0LJhi c8aG9jvDe2zx617dEhTsLEg9M6G+rkLPPJJdVtgjQy/3n9sCoBK8S+8GLUMseFtak+8v S2AsGQOwBai0kuSl1paWClicvwb4fP3oxHCMhbGyxFuV/9tWSJF7MWIA+8ySS6zJUh4r mHEbHtnoAqlknfW5ep5EfsV9eEWdyd5RlGKLq/H1Y7cThV+YckH8mFITaQ/R3KJTjlrA XBsOAWApau4qvrALDdIxgneIxg3mucNWuJC9i9FVqBjJuDcsYDWz2mo8mzD8IfPkIO2v QRaw==
X-Gm-Message-State: AOAM531VhcAst/VQn92K4sl6lRSmPRb5ek1CbqoZJ0pNSG5sD6Dl8rQu Qamly7D6KxYdxjREbt3F85q6GZRN7r34Wkxb/hc=
X-Google-Smtp-Source: ABdhPJwY1ufLcbdktxsxTslUdcRktNsZjYRZgrc7DnGDxW9CeCu5nv62S4DUQ9oYnLPbcnBKtf6QnpP2CmyK9YBQ2cs=
X-Received: by 2002:a2e:8017:: with SMTP id j23mr14484328ljg.22.1589332484091; Tue, 12 May 2020 18:14:44 -0700 (PDT)
MIME-Version: 1.0
References: <475d6c2be4a7447dba48a4529451b72f@cert.org>
In-Reply-To: <475d6c2be4a7447dba48a4529451b72f@cert.org>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Wed, 13 May 2020 10:14:23 +0900
Message-ID: <CAPK2DezGsNg3PWwLdJ97uKNFie7ri=_CncmY7Y2yVtFxgPKSZQ@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Content-Type: multipart/alternative; boundary="00000000000024f45105a57d4e9f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/8-LhHJ1XiWFEmrQZTDpbacL7JgI>
Subject: Re: [I2nsf] AD Review of draft-ietf-i2nsf-capability-data-model-05
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2020 01:14:50 -0000

Hi Roman,
I will reflect your comments on the revision.

Thanks.

Best Regards,
Paul

On Wed, May 13, 2020 at 7:11 AM Roman Danyliw <rdd@cert.org> wrote:

> Hi!
>
> I conducted an AD review of draft-ietf-i2nsf-capability-data-model-05.
> Thanks for the work in getting this document written.  My most significant
> items are around aligning of the text in Section 4 with RFC8329 and the
> dependency on draft-dong-i2nsf-asf-config-01.  My detailed feedback is
> below.
>
> (1)     IDNits returned the following valid comment about references (many
> of the issue is noted were in the YANG module)
>   == Missing Reference: 'RFC3688' is mentioned on line 1764, but not
> defined
>
> (2)     Section 1.  Typo. s/[draft-ietf-i2nsf-capability]../
> [draft-ietf-i2nsf-capability]./
>
> (3)     Section 3.  Is there a reason to rely on two expired drafts for
> terminology -- [draft-ietf-i2nsf-terminology] and
> [draft-ietf-supa-generic-policy-info-model]?  In particular, couldn't
> RFC3444 provide the needed definitions of data and information models?
>
> (4)     Section 4.  I would have expected somewhere in this overview
> section an explicit enumeration of which I2NSF interfaces use this YANG
> module.
>
> (5)     Section 4.  Per "Figure 1 shows the capabilities of NSFs in I2NSF
> Framework."
> -- Thanks for reusing the diagram from RFC8329 and annotating it with more
> detail.  It helps connect the documents
> -- It wasn't clear to me where the "capabilities" are on the diagram
> -- Is all of the detail under the NSFs (i.e., E, C and A) needed in the
> diagram?  Text doesn't explain it or reference it.  If kept, it should be
> explained and E, C and A should be defined (i.e., saying these correspond
> to Event, Condition and Action)
>
> (6)     Global.  Editorial. Is there a reason to abbreviate "Mgmt" in
> "Developer's Mgmt System in the text?  Recommend s/Developer's Mgmt
> System/Developer's Management System/g
>
> (7)     Section 4.  Per "To register NSFs in this way, the Developer's
> Mgmt System utilizes this standardized capabilities YANG data model through
> its registration interface.", this confused me a bit.  Doesn't the
> Developer Management System use the model described in
> draft-ietf-i2nsf-registration-interface-dm for registration?
>
> (8)     Section 4.  Editorial. Per "... those security devices can be
> easily managed, ...", I might have used "more easily managed".
>
> (9)     Section 4.  Per "The use cases are described below.", where are
> those use cases described?  Is this text a reference to the "Configuration
> Examples" in Appendix A?
>
> (10)     Section 4.  Per "Note that the NSF-Facing Interface ... and the
> NSF Monitoring Interface is used to ...", does this text need additional
> precision based on the definitions in RFC8329.  Per RFC8329, the
> "NSF-Facing Interfaces" consists of the "NSF Operational and Administrative
> Interface" and a "Monitoring Interface". If draft-dong-i2nsf-asf-config is
> on the "Monitoring Interface", on which "sub-interface" of the "NSF-Facing
> Interface" does draft-ietf-i2nsf-nsf-facing-interface-dm belong?
>
> (11)     Figure 1.  Editorial Nit.  Is there are reason that the
> Registration interface has a bidirectional arrow between the network
> operator management system and the developer management system, but the
> there is no directionality on the consumer or NSF facing interface?
>
> (12)     Section 4.  The bulleted list under Figure 1 is helpful in
> describing Figure 1.  However, I'd recommend explicitly saying this is an
> example.  Explain the use case up front and then narrate the flow clearly
> delineating what is in and out of scope of I2NSF.  IMO, the text describes
> a number of internal processing functions which are in scope for
> standardization - please let me know if I'm reading it wrong.
>
> (13)    Section 4.  Per "If network manager wants to block malicious users
> with IPv6, the network manager sends the security policy rules to block the
> users to the Network Operator Mgmt System using I2NSF user ....", can you
> please clarify "malicious users with IPv6"; is the intent that the network
> manager is concerned about malicious IPv6 traffic?
>
> (14)    Section 4.  Bullet 1 under Figure 1.  Per "a web browser or a
> software", what's the difference between a browser and software?
>
> (15)    Section 4.  Editorial.  Per the second bullet under Figure 1, "If
> NSFs encounter the malicious packets, it is a tremendous burden for the
> network manager to apply the rule to block the malicious packets to NSFs
> one-by-one.  This problem can be resolved by managing the capabilities of
> NSFs.", delete this text.  It is a duplicate of what was stated in the
> first bullet.
>
> (16)    Section 4.  Per the paragraph, "If NSFs encounter the suspicious
> IPv4 packets, they can ask the Network Operator Mgmt System for information
> about the suspicious IPv4 packets in order to alter specific rules and/or
> configurations.  When the Network ...", how much of that signaling is in
> scope for I2NSF?
>
> (17)    Section 4.  Typo. s/suspiciou/suspicious/
>
> (18)    Section 5.1. Editorial.  s/The model includes NSF capabilities/The
> model describes NSF capabilities/
>
> (19)    Section 5.1. Editorial. "specify" is used twice in the sentence.
> OLD
> Time capabilities are used to specify the capabilities to specify when to
> execute the I2NSF policy rule.
> NEW
> Time capabilities are used to specify the capabilities which describe when
> to execute the I2NSF policy rule.
>
> (20)    Section 5.1. Editorial.  This sentence didn't parse for me.  The
> second contains duplicate text.
> OLD
> Event capabilities are used to specify capabilities how to trigger the
> evaluation of the condition clause of the I2NSF Policy Rule.  The defined
> event capabilities are defined as system event and system alarm.
> NEW
> Event capabilities are used to specify the capabilities that describe the
> event that would trigger the evaluation of the condition clause of the
> I2NSF Policy Rule.  The defined event capabilities are system event and
> system alarm.
>
> (21)    Section 5.1.  A number of capabilities note that they can be
> extended which is a helpful feature.  For example, "The condition
> capability can be extended according to specific vendor condition
> features."  However, where is the guidance on doing that?  Likewise, it
> might not be necessary to repeat this statement five times if the extension
> mechanism is the same.
>
> (22)    Section 5.1.  A number of the described capability types state
> that they are described in detail in draft-ietf-i2nsf-capability.  For
> example, "The condition capability is described in detail in
> [draft-ietf-i2nsf-capability]."  I had difficulty locating which specific
> section to review.  Also, for the default action capabilities, no described
> of "pass, drop .. mirror" was found in draft-ietf-i2nsf-capability.  Please
> provide a specific section number for the event, condition, action,
> resolution strategy and default action in draft-ietf-i2nsf-capability.
>
> (23)    Section 5.1.  Editorial.  These sentences didn't parse for me.
> OLD
> Action capabilities are used to specify capabilities of how to control and
> monitor aspects of flow-based NSFs when the event and condition clauses are
> satisfied.
> NEW
> Action capabilities are used to specify the capabilities that describe the
> control and monitoring aspects of flow-based NSFs when the event and
> condition clauses are satisfied.
>
> OLD
> Resolution strategy capabilities are used to specify capabilities of how
> to resolve conflicts that occur between the actions of the same or
> different policy rules that are matched and contained in this particular
> NSF.
> NEW
> Resolution strategy capabilities are used to specify the capabilities that
> describe conflicts that occur between the actions of the same or different
> policy rules that are matched and contained in this particular NSF.
>
> OLD
> Default action capabilities are used to specify capabilities of how to
> execute I2NSF policy rules when no rule matches a packet.
> NEW
> Default action capabilities are used to specify the capabilities that
> describe how to execute I2NSF policy rules when no rule matches a packet.
>
>
> (24)    Section 6.1.  Update the copyright date and revision date to be in
> 2020.
>
> (25)    Section 6.1.  Given that draft-ietf-i2nf-monitoring-data-model is
> referenced in the YANG model for event and system alarm, please make it a
> normative reference.
>
> (26)    Section 6.1. identity ingress/egress-action-capability.  I found
> draft-ietf-i2nsf-capability-04 to be an unexpected reference.  There is no
> mention of ingress or egress in that document.
>
> (27)    Section 6.1. identity pass, drop, reject, alert, mirror.  I found
> draft-ietf-i2nsf-capability-04 to be an unexpected reference.  There is no
> mention of pass, drop, reject, alert or mirror in that document.
>
> (28)    Section 6.1.  In the advanced-nsf-capability section, there are
> multiple normative references to draft-dong-i2nsf-asf-config-01, an
> expired, individual draft.  Additionally, Section 4 notes how it supports
> the advanced capabilities. This draft is a substantial portion of the YANG
> module added in -03.  What's the plan on resolving this dependency?
>
> (29)    Section 6.1. Typo. s/Funtion/Function/
>
> (30)    Section 6.1.  The list of references in generic-nsf-capabilities
> don't line up with those in the child leaflist(s).  For example, RFC 792 is
> mentioned in the top level reference list but not in any of the child
> leaflist (specifically not in leaf-list icmp-capability)
>
> (31)    Section 6.1. Typo. s/smae/same/
>
> (32)    Section 8.  A few clarifying updates to the template:
> OLD
> These data nodes may be considered sensitive or vulnerable in some network
> environments.  Write operations (e.g., edit-config) to these data nodes
> without proper protection can have a negative effect on network operations.
> ietf-i2nsf-capability: The attacker may provide incorrect information of
> the security capability of any target NSF by illegally modifying this.
>
> NEW
> These data nodes may be considered sensitive or vulnerable in some network
> environments.  Write operations to these data nodes could have a negative
> effect on network and security operations.
> ietf-i2nsf-capability: An attacker could alter the security capabilities
> associated with an NSF whereby disabling or enabling the evasion of
> security mitigations.
>
> OLD
> ietf-i2nsf-capability: The attacker may gather the security capability
> information of any target NSF and misuse the information for subsequent
> attacks.
> NEW
> ietf-i2nsf-capability: An attacker could gather the security capability
> information of any NSF and use this information to evade detection or
> filtering.
>
> Regards,
> Roman
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>


-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>

v2.23.0 | Report a Bug | By Email