Re: [I2nsf] Questions about draft-baspez-i2nsf-capabilities-00

Aldo Basile <cataldo.basile@polito.it> Wed, 05 October 2016 18:56 UTC

To: Linda Dunbar <linda.dunbar@huawei.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/IDArhnVoG-9E2ndsdwe7f74beN8>

Dear Linda,

this ambiguity is a consequence of my bad relation with the textual 
syntax of I-D, while I usually work with LaTeX and I conceive formulas 
in LaTeX format (and, honestly, I still don't understand why it is not 
also adopted by IETF).

I'm sorry for this, I'll work to improve formula readability for 
version 01 or for the merged version (the one we are working on with 
John Strassner and Frank Xialiang).

1) AC (both capital letters) is the set of all the existing actions, 
thus AC will include “permit”, “deny”, “redirect”, “log”, “alert”, and 
all the actions that may describe any of the enforcement activities 
performed by whatever security function.

2) Ac is a subset of AC that represents the actions actually available 
at the security function we want to describe.
Therefore, for a basic packet filter it will most likely include only 
“permit”, “deny”, and “redirect”, while more sophisticated functions 
will have their own set of actions (that, to make the model coherent, 
should nevertheless be also replicated in the AC that will contain all 
of them).

"[" graphically depicts the LaTeX symbol \subseteq (look at the relation 
symbols here http://web.ift.uib.no/Teori/KURS/WRK/TeX/symALL.html) which 
I used to depict the subset relation (a [ b means that the left one 
contains a subset of the elements in b but it may possibly contain the 
same elements as b).
I added a sentence in the draft explaining this use, but it was probably 
very vague.

Hope this clarifies, and hope I can solve editing issues in the next 
versions.

Regards,
Aldo


On 05/10/2016 19:12, Linda Dunbar wrote:
> Aldo and Diego,
>
> The section 4.1 of your draft has this expression:
>
> Our capabilities are defined by a 4-tuple:
>
> (Ac; Cc; RSc; Dc) [ (AC; CC; RSC; DC)= K
>
> Is it intentional to have “[” without the matching one “]”?
>
> What is the relationship between “Ac” and “AC”? Are they the same?
>
> If an NSF supports more actions than the simple “permit” or “deny” (e.g.
> “redirect”, “log”, “alert”, etc.), will they then be listed in “AC” or “Ac”?
>
> Thanks, Linda