[I2nsf] Definitions in draft-merged-i2nsf-problem-statement-use-cases-00
Robert Moskowitz <rgm-ietf@htt-consult.com> Fri, 11 December 2015 18:04 UTC
Return-Path: <rgm-ietf@htt-consult.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C39DD1B2DD2 for <i2nsf@ietfa.amsl.com>; Fri, 11 Dec 2015 10:04:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.511
X-Spam-Level:
X-Spam-Status: No, score=-1.511 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ODaTQN-fRJ3b for <i2nsf@ietfa.amsl.com>; Fri, 11 Dec 2015 10:04:29 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [50.253.254.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5543B1B2DDA for <i2nsf@ietf.org>; Fri, 11 Dec 2015 10:04:28 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 5FAB1607CA for <i2nsf@ietf.org>; Fri, 11 Dec 2015 13:04:26 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ysNtHEBN2KUW for <i2nsf@ietf.org>; Fri, 11 Dec 2015 13:04:22 -0500 (EST)
Received: from lx120e.htt-consult.com (148.sub-70-208-146.myvzw.com [70.208.146.148]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 77E72607C9 for <i2nsf@ietf.org>; Fri, 11 Dec 2015 13:04:21 -0500 (EST)
To: "i2nsf@ietf.org" <i2nsf@ietf.org>
From: Robert Moskowitz <rgm-ietf@htt-consult.com>
Message-ID: <566B1018.2090904@htt-consult.com>
Date: Fri, 11 Dec 2015 13:04:08 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/Vr5CYUsmIFjVEdHfDirOJBCzQGU>
Subject: [I2nsf] Definitions in draft-merged-i2nsf-problem-statement-use-cases-00
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2015 18:04:31 -0000
I have been working with Sue and Linda on reviewing and cleaning up this ID. I looked at; Network Security Function (NSF): A function which ensures integrity, confidentiality and availability of network communications; detects unwanted activity, blocks or mitigates the effect of such unwanted activity on the network. And I took exception with at least 'ensures'. This is too strong of a statement. Nothing we do with this technology will 'ensure' CIA. First what is 'CIA': Confidentiality by restricting access to the internal assets. Integrity by, (well gee, what IS Integrity)? Integrity by enabling users to trust using their assets. Availablity by blocking attacks that make assets unusable. So first, do we agree what CIA means and that it is important? If so, we might get something like: A function that detects unwanted activity and blocks/mitigates the effect of such unwanted activity in order to support availability of a network. In addition, the NSF helps support communication stream “integrity and confidentiality”. Even this is too self-assured. An NSF detects unwanted activity? Really? It detects what we have so far have classified as unwanted activity. I know that IPS NSF devices are marketed to 'learn' and adapt, but without sophisticated AI, even here there are limits. Perhaps I am too pedantic, but this document includes 'user expectations', and I don't want an expectation of '6 sigmas of detection'. My sixpence worth.
- [I2nsf] Definitions in draft-merged-i2nsf-problem… Robert Moskowitz
- [I2nsf] 答复: Definitions in draft-merged-i2nsf-pro… Xialiang (Frank)
- Re: [I2nsf] Definitions in draft-merged-i2nsf-pro… DIEGO LOPEZ GARCIA