Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 27 October 2016 04:31 UTC
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 27 Oct 2016 13:30:49 +0900
To: Rakesh Kumar <rkkumar@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/Ph0DlFQQnReRdtI12Hc_pFB0RYI>
Cc: "Diego R. Lopez" <diego.r.lopez@telefonica.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>, "skku_secu-brain_all@googlegroups.com" <skku_secu-brain_all@googlegroups.com>, Linda Dunbar <linda.dunbar@huawei.com>, "Prof. Hyoungshick Kim" <hyoung@skku.edu>, "Pauljeong@skku.edu" <Pauljeong@skku.edu>
Subject: Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01
Hi Rakesh,

After I discuss with my coauthors which draft is fitting well with our draft, I will let you know.

Thanks for your kind suggestion.

Best Regards,
Paul

On Thu, Oct 27, 2016 at 6:56 AM, Rakesh Kumar <rkkumar@juniper.net> wrote:

> Hi Paul,
>
> Based on suggestion from Diego to see if we could merge draft-kim-i2nsf-security-management-architecture-01 with draft-kumar-i2nsf-client-facing-interface-req-01.
>
> Our draft deals with interfaces client would use to interact with the security controller/management system. We are discussing only the client interfaces and not the client structure itself.
>
> We should have a discussion to see what can be merged. I look forward to working with you.
>
> Thanks & Regards,
> Rakesh
>
> *From: *I2nsf <i2nsf-bounces@ietf.org> on behalf of "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
> *Date: *Sunday, October 23, 2016 at 10:43 PM
> *To: *"Diego R. Lopez" <diego.r.lopez@telefonica.com>
> *Cc: *"i2nsf@ietf.org" <i2nsf@ietf.org>, "Prof. Hyoungshick Kim" <hyoung@skku.edu>, "Pauljeong@skku.edu" <Pauljeong@skku.edu>, "skku_secu-brain_all@googlegroups.com" <skku_secu-brain_all@googlegroups.com>, Linda Dunbar <linda.dunbar@huawei.com>
> *Subject: *Re: [I2nsf] questions about draft-kim-i2nsf-security-management-architecture-01
>
> Hi Diego,
>
> Thanks for your comments.
>
> Our draft can be aligned with draft-kumar-i2nsf-client-facing-interface-req-01 in that ours deals with the interface between I2NSF Client and Security Controller.
> However, draft-kumar-i2nsf-client-facing-interface-req-01 does not clarify the structure of I2NSF Client in a detailed level, but our draft proposes such a detailed structure for I2NSF Client.
>
> In addition, our draft considers the policy update in I2NSF through the report from an NSF for a security attack (e.g., DDoS attack) or an event (e.g., the detection of a new malware) toward I2NSF Client. This updated policy is disseminated to the whole I2NSF systems for spontaneous reaction to the new security attack or event.
>
> Like this, our draft is closely related to the I2NSF framework.
> Let us prepare for the text for the I2NSF framework draft, and then discuss whether our text can fit the I2NSF framework.
>
> Thanks.
>
> Best Regards,
> Paul
>
> On Sat, Oct 22, 2016 at 7:49 PM, Diego R. Lopez <diego.r.lopez@telefonica.com> wrote:
>
> Hi Paul,
>
> While I find agreeable that your draft could be merged with another one (or other ones) in order to consolidate the documents to be produced by I2NSF, I am not 100% sure it should be the framework draft. Looking at the proposals you make in your draft I see it more aligned with what the drafts dealing with the client-facing interface are considering than with the general framework. In particular, draft-kumar-i2nsf-client-facing-interface-req-01 <https://datatracker.ietf.org/doc/draft-kumar-i2nsf-client-facing-interface-req/> has a section (3.3) that discusses management deployment models, and I am under the impression this architecture you propose could be seen as a refinement of those models.
>
> Be goode,
>
> On 21 Oct 2016, at 02:54, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> wrote:
>
> Hi Linda,
>
> Are you agreeing at merging our draft (draft-kim-i2nsf-security-management-architecture-02) into draft-ietf-i2nsf-framework-03?
>
> Thanks.
>
> Best Regards,
> Paul
>
> On Fri, Oct 7, 2016 at 5:32 AM, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> wrote:
>
> Hi Linda,
>
> As a coauthor of this draft, I will answer your questions inline below.
>
> On Wed, Oct 5, 2016 at 1:34 PM, Linda Dunbar <linda.dunbar@huawei.com> wrote:
>
> Hyoungshick, et al,
>
> How would you position your draft-kim-i2nsf-security-management-architecture-01 with regard to the I2NSF framework draft? I find there is a lot of duplicated content to the I2nsf framework draft.
>
> [Paul] We would like to merge our draft into the i2nsf framework draft because our draft has one depth more detailed architecture.
> This detailed architecture will be helpful to implement the i2nsf framework.
>
> There are some differences, such as the following: Are you trying to define how “security policy” is structured?
>
> <image002.png>
>
> [Paul] Our architecture allows an NSF to update a low-level policy and apply it to the related high-level policy via the control path of Security Controller and Policy Collector (renamed Event Collector in version 02) in Figure 1 of our version 02:
> https://tools.ietf.org/html/draft-kim-i2nsf-security-management-architecture-02
>
> For example, if an NSF of firewall detects a new DoS-attack host, it reports the updated blacklist having the IP address of such a host to Application Logic in I2NSF Client via Security Controller and Event Collector.
> Application Logic asks Policy Updater to disseminate the updated blacklist to the security controllers under the administration of the same I2NSF Client.
>
> Will the “High Level security management” eventually lead to Client Facing Policy data models?
>
> [Paul] Yes, as explained above, the High-level security management leads to update and handle Client facing policy data models.
>
> Do you plan to define interfaces between all those components depicted in Figure 1? The interfaces between some of those components are not really in the I2NSF WG current charter, such as “Security Policy Manager” <-> “NSF Capability Manager”, or the interface between “Application Logic” <-> “Policy Updater”.
>
> [Paul] Yes, we have a plan to define such interfaces.
>
> Are those components in your current implementation? Is it like an “example of one implementation”?
>
> [Paul] Though those components are not fully implemented yet in our implementation, my team at SKKU will implement those components in a later version.
>
> Thanks for your clarification questions.
>
> Best Regards,
> Paul
>
> Thanks, Linda
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Assistant Professor
> Department of Software
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Assistant Professor
> Department of Software
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
> --
> "Esta vez no fallaremos, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> http://people.tid.es/diego.lopez/
>
> e-mail: diego.r.lopez@telefonica.com
> Tel: +34 913 129 041
> Mobile: +34 682 051 091
> ----------------------------------
>
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Assistant Professor
> Department of Software
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>