Re: [I2nsf] FW: Merged I2NSF problem statement and Use Case - draft-hares
"Zarny, Myo" <Myo.Zarny@gs.com> Mon, 21 December 2015 16:00 UTC
From: "Zarny, Myo" <Myo.Zarny@gs.com>
To: 'Susan Hares' <shares@ndzh.com>, "'i2nsf@ietf.org'" <i2nsf@ietf.org>
Date: Mon, 21 Dec 2015 10:59:55 -0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/LGdNrvJq1A1bdagr12MhZZpOLfI>
Cc: "'adrian@olddog.co.uk'" <adrian@olddog.co.uk>, 'Linda Dunbar' <linda.dunbar@huawei.com>
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>

Hi Sue,

Thanks very much for putting this together. It's quite challenging to put various threads together in a sensible order, which you've successfully done. And far easier to nitpick, which I'll do here.

A few comments:

· Section 3.1.9 can be better worded.
    o Right now, it's describing not just the requirements for DOTS controller interfaces but also what to do about them. The text should describe why we need standard interfaces for:
        § DOTS controllers to which external entities (such as NSFs or users) can signal the need for DDOS mitigation, revoke mitigation policies, etc.
        § Network entities that will execute (implement/withdraw/get stats, etc.) DDOS mitigation functions
    o It describes the mysterious "I2NSF Controller", by which I think the original author meant some network security controller. IMHO, I2NSF covers the interfaces for DOTS controllers and NSFs (and anything in between). This draft shouldn't prescribe how mitigation policies may be carried out. (Policies may be executed through an intermediary like a "network security controller" or by calling the NSFs themselves.)
· A similar issue with Section 3.1.10. It speaks of a controller distributing keys in the very first sentence. The need, as it does describe later in the paragraph, is a standard interface to provision and distribute the keys. Let's not muddy waters by declaring who may invoke the said interfaces. We should at least add "for example, a controller" or something like that.
· Section 3.3 describes the general need for standard interfaces that could interpret [security] policies. Now, my understanding is that the current I2NSF charter doesn't really deal with policy interpretation beyond the most basic. But it can probably stand as is now since it's describing the requirements.
· Overall, we need to do a sweep of copy-editing (for typos, grammar, etc.)

My two cents...

From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of Susan Hares
Sent: 19 December 2015 8:17 PM
To: i2nsf@ietf.org
Cc: adrian@olddog.co.uk; 'Linda Dunbar'
Subject: [I2nsf] FW: Merged I2NSF problem statement and Use Case - draft-hares

Sending this just to list.

Sue

From: Susan Hares [mailto:shares@ndzh.com]
Sent: Saturday, December 19, 2015 8:11 PM
To: 'i2nsf@ietf.org'
Cc: 'antonio.pastorperales@telefonica.com'; 'ldunbar@huawei.com'; 'diego.r.lopez@telefonica.com'; 'myo.zarny@gs.com'; 'N.Leymann@telekom.de'; 'michaelq@prime-tel.com'; 'mohamed.boucadair@orange.com'; 'Christian.jacquenet@orange.com'; 'shaibalc@us-ignite.org'; 'adrian@olddog.co.uk'; 'Kathleen Moriarty'
Subject: Merged I2NSF problem statement and Use Case - draft-hares

I2NSF folks and my co-authors:

I have merged all the changes you suggested into Linda's problem statement and combined this with the use cases. Please let me know if you have any concerns or changes to the resulting document. If anyone was left off the Contributors section, would you please let me know. This document is the combination of lots of people's hard work.

I will upload it as draft-hares-merged-i2nsf-problem-use-cases-00.txt along with the XML on Sunday evening (12/20/2015) and then ask for WG adoption. I'll watch for comments in the next few weeks and revise the text.

Does I2NSF have a github repository? If so, we can put the XML there to change it.

Sue Hares