Re: [I2nsf] Definitions in draft-merged-i2nsf-problem-statement-use-cases-00
DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com> Tue, 15 December 2015 21:50 UTC
Return-Path: <diego.r.lopez@telefonica.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4D291AD357 for <i2nsf@ietfa.amsl.com>; Tue, 15 Dec 2015 13:50:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R9Lk3ooLec77 for <i2nsf@ietfa.amsl.com>; Tue, 15 Dec 2015 13:50:05 -0800 (PST)
Received: from smtptc.telefonica.com (smtptc.telefonica.com [195.76.34.108]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF6241B29FA for <i2nsf@ietf.org>; Tue, 15 Dec 2015 13:50:03 -0800 (PST)
Received: from smtptc.telefonica.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1D34B3A013E; Tue, 15 Dec 2015 22:50:01 +0100 (CET)
Received: from ESTGVMSP113.EUROPE.telefonica.corp (unknown [10.92.4.9]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtptc.telefonica.com (Postfix) with ESMTPS id F29733A0109; Tue, 15 Dec 2015 22:50:00 +0100 (CET)
Received: from emea01-am1-obe.outbound.protection.outlook.com (10.92.5.139) by tls.telefonica.com (10.92.6.55) with Microsoft SMTP Server (TLS) id 14.3.235.1; Tue, 15 Dec 2015 22:50:00 +0100
Received: from DB4PR06MB0624.eurprd06.prod.outlook.com (10.161.13.142) by DB4PR06MB0621.eurprd06.prod.outlook.com (10.161.13.139) with Microsoft SMTP Server (TLS) id 15.1.355.16; Tue, 15 Dec 2015 21:48:58 +0000
Received: from DB4PR06MB0624.eurprd06.prod.outlook.com ([10.161.13.142]) by DB4PR06MB0624.eurprd06.prod.outlook.com ([10.161.13.142]) with mapi id 15.01.0355.012; Tue, 15 Dec 2015 21:48:58 +0000
From: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
To: Robert Moskowitz <rgm-ietf@htt-consult.com>
Thread-Topic: [I2nsf] Definitions in draft-merged-i2nsf-problem-statement-use-cases-00
Thread-Index: AQHRND5q8E+3VxB8cUiaaAVkz50xxJ7MnE+A
Date: Tue, 15 Dec 2015 21:48:57 +0000
Message-ID: <100442EB-9F96-4CDD-B31F-D248BFFFD832@telefonica.com>
References: <566B1018.2090904@htt-consult.com>
In-Reply-To: <566B1018.2090904@htt-consult.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=diego.r.lopez@telefonica.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [70.191.149.15]
x-microsoft-exchange-diagnostics: 1; DB4PR06MB0621; 5:55qPve8kRzpA2zitNvkC2PxiBN/uOrYzuP1deZHX4VQqZMvvvvZkKis3gOzj/jnD9SeJ6EAEHAYoEjRqOtgKLyjC/ZTOpLIhuGncvOol7QXmZS1ligEfHoW/nh9T4D0GZVoDfn/6pEJA7wT+lI6X/g==; 24:NrAuhaHkYAYbxXTG1m2GkSOzkb5iNKwfOx/fHAMYviMmC1w1prNXb4pxUXRZiz5j83EZNrjbRwboIzYk0HZmLIFwXVF51QOIsIevRq4AcC0=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB4PR06MB0621;
x-microsoft-antispam-prvs: <DB4PR06MB06218334F7751A680BEF6C33DFEE0@DB4PR06MB0621.eurprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(520078)(8121501046)(5005006)(3002001)(10201501046); SRVR:DB4PR06MB0621; BCL:0; PCL:0; RULEID:; SRVR:DB4PR06MB0621;
x-forefront-prvs: 07915F544A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(24454002)(189002)(252514010)(199003)(105586002)(36756003)(10400500002)(97736004)(5008740100001)(1096002)(106356001)(5001960100002)(2950100001)(2900100001)(19617315012)(86362001)(106116001)(76176999)(230783001)(92566002)(101416001)(102836003)(40100003)(54356999)(6116002)(1220700001)(81156007)(586003)(110136002)(5004730100002)(87936001)(50986999)(82746002)(66066001)(189998001)(15975445007)(11100500001)(83716003)(3846002)(33656002)(122556002)(19580395003)(19580405001)(561944003)(16236675004)(5002640100001)(77096005)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:DB4PR06MB0621; H:DB4PR06MB0624.eurprd06.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_100442EB9F964CDDB31FD248BFFFD832telefonicacom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Dec 2015 21:48:57.8526 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR06MB0621
X-OriginatorOrg: telefonica.com
X-TM-AS-MML: No
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/GPAMUXuAlTUo6xtrCrb-HAyuTAY>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>
Subject: Re: [I2nsf] Definitions in draft-merged-i2nsf-problem-statement-use-cases-00
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2015 21:50:11 -0000
Hi Bob, I would support your proposal without the quotes and a “can” before what the NSF can help to achieve. Thus: A function that detects unwanted activity and blocks/mitigates the effect of such unwanted activity in order to support availability of a network. In addition, the NSF can help in supporting communication stream integrity and confidentiality I don’t think detecting unwanted activity is too self-assured: unwanted activity is what the user and/or provider of the NSF has defined they do not want. Whatever the activity that matches with this definition is unwanted and the NSF will do whatever they can to stop it. Be goode, On 11 Dec 2015, at 13:04 , Robert Moskowitz <rgm-ietf@htt-consult.com<mailto:rgm-ietf@htt-consult.com>> wrote: I have been working with Sue and Linda on reviewing and cleaning up this ID. I looked at; Network Security Function (NSF): A function which ensures integrity, confidentiality and availability of network communications; detects unwanted activity, blocks or mitigates the effect of such unwanted activity on the network. And I took exception with at least 'ensures'. This is too strong of a statement. Nothing we do with this technology will 'ensure' CIA. First what is 'CIA': Confidentiality by restricting access to the internal assets. Integrity by, (well gee, what IS Integrity)? Integrity by enabling users to trust using their assets. Availablity by blocking attacks that make assets unusable. So first, do we agree what CIA means and that it is important? If so, we might get something like: A function that detects unwanted activity and blocks/mitigates the effect of such unwanted activity in order to support availability of a network. In addition, the NSF helps support communication stream “integrity and confidentiality”. Even this is too self-assured. An NSF detects unwanted activity? Really? It detects what we have so far have classified as unwanted activity. I know that IPS NSF devices are marketed to 'learn' and adapt, but without sophisticated AI, even here there are limits. Perhaps I am too pedantic, but this document includes 'user expectations', and I don't want an expectation of '6 sigmas of detection'. My sixpence worth. _______________________________________________ I2nsf mailing list I2nsf@ietf.org<mailto:I2nsf@ietf.org> https://www.ietf.org/mailman/listinfo/i2nsf -- "Esta vez no fallaremos, Doctor Infierno" Dr Diego R. Lopez Telefonica I+D http://people.tid.es/diego.lopez/ e-mail: diego.r.lopez@telefonica.com Tel: +34 913 129 041 Mobile: +34 682 051 091 ---------------------------------- ________________________________ Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
- [I2nsf] Definitions in draft-merged-i2nsf-problem… Robert Moskowitz
- [I2nsf] 答复: Definitions in draft-merged-i2nsf-pro… Xialiang (Frank)
- Re: [I2nsf] Definitions in draft-merged-i2nsf-pro… DIEGO LOPEZ GARCIA