Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

Linda Dunbar <linda.dunbar@huawei.com> Fri, 21 October 2016 16:24 UTC

To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/FY2C2PK94TcbqLeAu_QKLCxe9fM>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, "Prof. Hyoungshick Kim" <hyoung@skku.edu>, "Pauljeong@skku.edu" <Pauljeong@skku.edu>, "skku_secu-brain_all@googlegroups.com" <skku_secu-brain_all@googlegroups.com>

Paul,

Can your team look at the attached i2NSF framework draft and suggest text to merge in?

Thanks, Linda

From: Mr. Jaehoon Paul Jeong [mailto:jaehoon.paul@gmail.com]
Sent: Thursday, October 20, 2016 7:55 PM
To: Linda Dunbar <linda.dunbar@huawei.com>
Cc: Prof. Hyoungshick Kim <hyoung@skku.edu>; Pauljeong@skku.edu; i2nsf@ietf.org; skku_secu-brain_all@googlegroups.com
Subject: Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01

Hi Linda,
Are you agreeing to merge our draft (draft-kim-i2nsf-security-management-architecture-02)
into draft-ietf-i2nsf-framework-03?

Thanks.

Best Regards,
Paul

On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> wrote:
Hi Linda,
As a coauthor of this draft, I will answer your questions inline below.

On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar <linda.dunbar@huawei.com> wrote:
Hyoungshick, et al,

How would you position your draft-kim-i2nsf-security-management-architecture-01 with regard to the I2NSF framework draft? I find there is a lot of content duplicated with the I2nsf framework draft.

 [Paul] We would like to merge our draft into the i2nsf framework draft
 because our draft has one depth more detailed architecture.
 This detailed architecture will be helpful to implement the i2nsf framework.


There are some differences, such as the following: Are you trying to define how “security policy” is structured?

[Inline image: image001.png]

 [Paul] Our architecture allows an NSF to update a low-level policy and apply it to the related high-level policy
 via the control path of Security Controller and Policy Collector (renamed Event Collector in version 02) in Figure 1
 of our version 02:
 https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02

 For example, if an NSF of firewall detects a new DoS-attack host, it reports the updated blacklist having
 the IP address of such a host to Application Logic in I2NSF Client via Security Controller and Event Collector.
 Application Logic asks Policy Updater to disseminate the updated blacklist to the security controllers
 under the administration of the same I2NSF Client.

Will the “High Level security management” eventually lead to Client Facing Policy data models?

 [Paul] Yes, as explained above, the High-level security management leads to updating and handling Client-facing policy
 data models.

Do you plan to define interfaces between all those components depicted in Figure 1? The interfaces between some of those components are not really in the I2NSF WG current charter, such as “Security Policy Manager” <-> “NSF Capability Manager”, or the interface between “Application Logic” <-> “Policy Updater”.

 [Paul]  Yes, we have a plan to define such interfaces.


Are those components in your current implementation? Is it like an “example of one implementation”?

 [Paul] Though those components are not fully implemented yet in our implementation, my team at SKKU
 will implement those components in a later version.

 Thanks for your clarification questions.

 Best Regards,
 Paul



Thanks, Linda




--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php>


