Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Mon, 24 October 2016 05:44 UTC

From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Mon, 24 Oct 2016 14:43:48 +0900
Message-ID: <CAPK2Dez=3Mm3H6312AsaZqtLT5oa8+27sf8+e_KgQBn0JjzZjg@mail.gmail.com>
To: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/BV-760bK3I4kX2Qw57SI1VWYzv4>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, "Prof. Hyoungshick Kim" <hyoung@skku.edu>, "Pauljeong@skku.edu" <Pauljeong@skku.edu>, "skku_secu-brain_all@googlegroups.com" <skku_secu-brain_all@googlegroups.com>, Linda Dunbar <linda.dunbar@huawei.com>
Subject: Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

Hi Diego,
Thanks for your comments.

Our draft can be aligned with draft-kumar-i2nsf-client-facing-interface-req-01
in that ours deals with the interface between I2NSF Client and Security
Controller. However, draft-kumar-i2nsf-client-facing-interface-req-01 does not
clarify the structure of I2NSF Client at a detailed level, but our draft
proposes such a detailed structure for I2NSF Client.

In addition, our draft considers the policy update in I2NSF through the report
from an NSF for a security attack (e.g., DDoS attack) or an event (e.g., the
detection of a new malware) toward I2NSF Client. This updated policy is
disseminated to the whole I2NSF systems for spontaneous reaction to the new
security attack or event.

Like this, our draft is closely related to the I2NSF framework.
Let us prepare the text for the I2NSF framework draft, and then discuss
whether our text can fit the I2NSF framework.

Thanks.

Best Regards,
Paul




On Sat, Oct 22, 2016 at 7:49 PM, Diego R. Lopez <
diego.r.lopez@telefonica.com> wrote:

> Hi Paul,
>
> While I find agreeable that your draft could be merged with another one
> (or other ones) in order to consolidate the documents to be produced by
> I2NSF, I am not 100% sure it should be the framework draft. Looking at the
> proposals you make in your draft I see it more aligned with what the drafts
> dealing with the client-facing interface are considering than with the
> general framework. In particular,
> draft-kumar-i2nsf-client-facing-interface-req-01
> <https://datatracker.ietf.org/doc/draft-kumar-i2nsf-client-facing-interface-req/>
> has a section (3.3) that discusses management deployment models, and I am under
> the impression this architecture you propose could be seen as a refinement
> of those models.
>
> Be goode,
>
> On 21 Oct 2016, at 02:54 , Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
> wrote:
>
> Hi Linda,
> Do you agree to merging our draft
> (draft-kim-i2nsf-security-management-architecture-02)
> into draft-ietf-i2nsf-framework-03?
>
> Thanks.
>
> Best Regards,
> Paul
>
> On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong <
> jaehoon.paul@gmail.com> wrote:
>
>> Hi Linda,
>> As a coauthor of this draft, I will answer your questions inline below.
>>
>> On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar <linda.dunbar@huawei.com>
>> wrote:
>>
>>> Hyoungshick, et al,
>>>
>>>
>>>
>>> How would you position your draft-kim-i2nsf-security-management-architecture-01
>>> with regard to the I2NSF framework draft? I find there is a lot of
>>> duplicated content to the I2nsf framework draft.
>>>
>>
>>  [Paul] We would like to merge our draft into the i2nsf framework draft
>>  because our draft has one depth more detailed architecture.
>>  This detailed architecture will be helpful to implement the i2nsf
>> framework.
>>
>>
>>>
>>> There are some differences, such as the following: Are you trying to
>>> define how “security policy” is structured?
>>>
>>>
>>>
>>> <image002.png>
>>>
>>>
>>>
>>  [Paul] Our architecture allows an NSF to update a low-level policy and
>>  apply it to the related high-level policy via the control path of Security
>>  Controller and Policy Collector (renamed Event Collector in version 02) in
>>  Figure 1 of our version 02:
>>  https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02
>>
>>  For example, if an NSF of firewall detects a new DoS-attack host, it
>>  reports the updated blacklist having the IP address of such a host to
>>  Application Logic in I2NSF Client via Security Controller and Event
>>  Collector. Application Logic asks Policy Updater to disseminate the updated
>>  blacklist to the security controllers under the administration of the same
>>  I2NSF Client.
>>
>>
>>> Will the “High Level security management” eventually lead to Client
>>> Facing Policy data models?
>>>
>>
>>  [Paul] Yes, as explained above, the High-level security management leads
>>  to updating and handling Client-facing policy data models.
>>
>>>
>>>
>>> Do you plan to define interfaces between all those components depicted
>>> in Figure 1?  The interfaces between some of those components are not
>>> really in the I2NSF WG current charter, such as “Security Policy Manager”
>>> <-> “NSF Capability Manager”,  or the interface between “Application Logic”
>>> <-> “Policy Updater”.
>>>
>>
>>  [Paul]  Yes, we have a plan to define such interfaces.
>>
>>
>>>
>>> Are those components in your current implementation? Is it like an
>>> “example of one implementation”?
>>>
>>
>>  [Paul] Though those components are not fully implemented yet in our
>>  implementation, my team at SKKU will implement those components in a
>>  later version.
>>
>>  Thanks for your clarification questions.
>>
>>  Best Regards,
>>  Paul
>>
>>
>>>
>>>
>>>
>>>
>>> Thanks, Linda
>>>
>>>
>>>
>>
>>
>> --
>> ===========================
>> Mr. Jaehoon (Paul) Jeong, Ph.D.
>> Assistant Professor
>> Department of Software
>> Sungkyunkwan University
>> Office: +82-31-299-4957
>> Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
>> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
>> <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>>
>
>
>
>
>
> --
> "Esta vez no fallaremos, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> http://people.tid.es/diego.lopez/
>
> e-mail: diego.r.lopez@telefonica.com
> Tel:    +34 913 129 041
> Mobile: +34 682 051 091
> ----------------------------------
>
>


-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>
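
The report-and-disseminate loop described in the thread above (a firewall NSF reports a DoS host through Security Controller and Event Collector to Application Logic, which has Policy Updater push the updated blacklist to every security controller of the same I2NSF Client), as an added Python example that is not code from the draft or from the authors' implementation. All class and method names are hypothetical, and the address validation, de-duplication and audit record are assumptions, since the thread states these interfaces are not yet defined.

```python
import ipaddress

class SecurityController:
    """Hypothetical controller holding the low-level blacklist for its NSFs."""
    def __init__(self, name):
        self.name = name
        self.blacklist = set()
        self.event_collector = None  # set when registered with a client

    def report_from_nsf(self, nsf_id, attacker_ip):
        # Control path: NSF -> Security Controller -> Event Collector
        return self.event_collector.collect(self.name, nsf_id, attacker_ip)

    def apply_policy(self, blacklist):
        self.blacklist = set(blacklist)

class I2NSFClient:
    """Event Collector, Application Logic and Policy Updater (names from the thread)."""
    def __init__(self, controllers):
        self.controllers = list(controllers)
        self.blacklist = set()  # high-level policy state
        self.audit = []         # (controller, nsf, ip) per accepted report
        for c in self.controllers:
            c.event_collector = self

    def collect(self, controller, nsf_id, attacker_ip):  # Event Collector
        try:
            ip = ipaddress.ip_address(attacker_ip)
        except ValueError:
            return False  # malformed report never reaches the policy
        return self.application_logic(controller, nsf_id, ip)

    def application_logic(self, controller, nsf_id, ip):
        if ip in self.blacklist:
            return False  # already known: no redundant dissemination
        self.blacklist.add(ip)
        self.audit.append((controller, nsf_id, str(ip)))
        self.policy_updater()
        return True

    def policy_updater(self):
        # Disseminate to every controller under this client, not only the reporter
        for c in self.controllers:
            c.apply_policy(self.blacklist)

def demo():
    # Constructed sample: two controllers, documentation-range address
    east, west = SecurityController("sc-east"), SecurityController("sc-west")
    client = I2NSFClient([east, west])
    results = [east.report_from_nsf("fw-1", "203.0.113.7"),
               west.report_from_nsf("fw-9", "203.0.113.7"),
               east.report_from_nsf("fw-1", "not-an-ip")]
    return results, {str(i) for i in west.blacklist}, client.audit
```

The audit list records which controller and NSF originated each accepted entry, which is what an operator needs in order to trace or revoke a blacklist entry that a single NSF caused to be pushed everywhere.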