Re: [I2nsf] comments about I2NSF framework draft://Reply: Progress with draft-ietf-i2nsf-framework-05

Rakesh Kumar <rkkumar@juniper.net> Thu, 25 May 2017 20:15 UTC

From: Rakesh Kumar <rkkumar@juniper.net>
To: "Xialiang (Frank)" <frank.xialiang@huawei.com>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>
Thread-Topic: [I2nsf] comments about I2NSF framework draft://Reply: Progress with draft-ietf-i2nsf-framework-05
Date: Thu, 25 May 2017 20:15:00 +0000
Message-ID: <71215B2E-2705-4CC4-B6DD-1A39C57ED54A@juniper.net>
References: <083101d2cfff$158a7010$409f5030$@olddog.co.uk> <C02846B1344F344EB4FAA6FA7AF481F12BAE3433@DGGEML502-MBS.china.huawei.com>
In-Reply-To: <C02846B1344F344EB4FAA6FA7AF481F12BAE3433@DGGEML502-MBS.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/93zUYlApSo7tA8WpAHJ504ELlcc>
Subject: Re: [I2nsf] comments about I2NSF framework draft://Reply: Progress with draft-ietf-i2nsf-framework-05
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>

Hi Frank,

Thanks for your review and support. We will make changes to the draft based on your comments and any other comments we receive in the next few days.
Please see my take on your comments below.

Thanks
Rakesh

On 5/21/17, 8:32 PM, "I2nsf on behalf of Xialiang (Frank)" <i2nsf-bounces@ietf.org on behalf of frank.xialiang@huawei.com> wrote:

Hi Adrian, I2NSFers,
I reviewed the latest draft again and think it's in very good shape now. So, it can be a foundation for all the other drafts.

Of course, I also have some comments about it as below:
1. nits: P18 " Table 1: Subject Capability Index " should change to " Table 1: Packet Content Matching Capability Index ",  P19, " Table 2: Object Capability Index " should change to " Table 2: context matching Capability Index ";
[Rakesh]  Makes sense to me. We should take this.

2. Section 11 of Security Considerations: this section is a little bit simple without considering the possible threats like: unauthenticated connections between users and controller, and between controller and NSFs, DoS attacks from malicious users or NSFs, etc;
[Rakesh] In my opinion, this is just a framework document. Any specific security considerations (such as you pointed out) should go into each individual draft covering client, registration and NSF interfaces. If you think it would help, we could add something like this to Section 11.

3. question: should section 7.3 move to the I2NSF gap analysis draft?
[Rakesh] I don’t have a very strong opinion one way or the other, but it gives some context to other sections. It is good to have.

4. I think the remote attestation function should be described as a part of the whole I2NSF framework;
[Rakesh] I agree with you.

5. Section 3.2, by my understanding, notification is just part of the monitor functions, such as: syslog, netconf. Is it necessary to divide them into two interfaces?
[Rakesh] In the larger scheme of things, everything can be combined into one, but it is good to show differentiation since each set serves a different purpose and may require different operational characteristics.


B.R.
Frank

-----Original Message-----
From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of Adrian Farrel
Sent: May 19, 2017 1:49
To: i2nsf@ietf.org
Subject: [I2nsf] Progress with draft-ietf-i2nsf-framework-05

Hi WG,

I am about to do a document shepherd review prior to starting a WG last call. In conversation with Linda just now I think I spotted a few areas where I am going to make chunky suggestions for additional text, but overall the document looks sound.

If you care deeply about this work and haven't looked at the framework for a while, now would be a good time. Don't wait for WG last call.

Thanks,
Adrian



_______________________________________________
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf