Re: [I2nsf] Last Call: <draft-ietf-i2nsf-consumer-facing-interface-dm-26.txt> (I2NSF Consumer-Facing Interface YANG Data Model) to Proposed Standard

tom petch <daedulus@btconnect.com> Fri, 17 March 2023 15:53 UTC

To: last-call@ietf.org
References: <167776657629.1288.3165560369520228066@ietfa.amsl.com> <6411ACDE.2030202@btconnect.com>
Cc: draft-ietf-i2nsf-consumer-facing-interface-dm@ietf.org, dunbar.ll@gmail.com, i2nsf-chairs@ietf.org, i2nsf@ietf.org, rdd@cert.org
From: tom petch <daedulus@btconnect.com>
Message-ID: <64148C8A.10505@btconnect.com>
Date: Fri, 17 Mar 2023 15:51:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/dXRPE1avkmsk-go8leve32KnEhQ>

On 15/03/2023 11:32, tom petch wrote:
> On 02/03/2023 14:16, The IESG wrote:
>>
>> The IESG has received a request from the Interface to Network Security
>> Functions WG (i2nsf) to consider the following document: - 'I2NSF
>> Consumer-Facing Interface YANG Data Model'
>>    <draft-ietf-i2nsf-consumer-facing-interface-dm-26.txt> as Proposed
>> Standard

Belatedly I notice another area of divergence which makes the set of 
documents incoherent and that is with threats.

This I-D uses 'ioc' as a basis from which are derived

      identity stix {
      identity misp {
      identity openioc {
      identity iodef {

Earlier versions used threat feed with

      identity signature-yara {
      identity signature-snort {
      identity signature-suricata {

and the capability I-D, with the RFC Editor, has

      identity content-security-control {

from which are derived

      identity ips {
      identity anti-virus {

which give rise to

      identity signature-set {
      identity exception-signature {

and

      identity detect {
      identity exception-files {

I am unclear how the capabilities which can be configured in this I-D 
are specified with the YANG identity of the capability I-D.  A sentence 
or two in this I-D explaining the relationship might clarify.

Tom Petch


> This is one of a set of seven or so documents, one of which (framework)
> made RFC8329 six years ago, the others are waiting on MISSREF and then
> there is this one.  It would be good to get these out as RFC.
>
> A problem I have seen with them is ideas changing with them, evolving,
> so that the I-D are out of step.  As this is the last, this might be the
> place to address this.
>
> I have not had time, in the tsunami of I-D prior to IETF submission
> cut-off, to review this thoroughly but do see a divergence in the
> treatment of location.  This used to be geo-ip, RFC8179, as is mentioned
> in RFC8329 and that is still referenced in e.g. nsf-facing.  This I-D
> now uses country/region/city which is fine except for documents like
> 'capability' in the RFC-Editor Q which references RFC8179.  The
> technically correct solution might be to update 'capability' etc but I
> think that the time for that is past.  I put in some effort a few years
> ago to get them in line but no sooner had I done so than they diverged
> again after comments by other reviewers so I think that keeping them in
> line is a never ending task.
>
> What this I-D perhaps could do is to mention this divergence in
> treatment.  I will look some more to see where else they have diverged
> but not before the end of this Last Call.
>
> In passing, I note that the SIP example uses what might be genuine
> addresses.
>
> Tom Petch
>
>> The IESG plans to make a decision in the next few weeks, and solicits
>> final
>> comments on this action. Please send substantive comments to the
>> last-call@ietf.org mailing lists by 2023-03-16. Exceptionally,
>> comments may
>> be sent to iesg@ietf.org instead. In either case, please retain the
>> beginning
>> of the Subject line to allow automated sorting.
>>
>> Abstract
>>
>>
>>     This document describes an information model and the corresponding
>>     YANG data model for the Consumer-Facing Interface of the Security
>>     Controller in an Interface to Network Security Functions (I2NSF)
>>     system in a Network Functions Virtualization (NFV) environment.  The
>>     information model defines various types of managed objects and the
>>     relationship among them needed to build the flow policies from users'
>>     perspective.  This information model is based on the "Event-
>>     Condition-Action" (ECA) policy model defined by a capability
>>     information model for I2NSF, and the YANG data model is defined for
>>     enabling different users of a given I2NSF system to define, manage,
>>     and monitor flow policies within an administrative domain (e.g., user
>>     group).
>>
>>
>>
>>
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-ietf-i2nsf-consumer-facing-interface-dm/
>>
>>
>>
>> The following IPR Declarations may be related to this I-D:
>>
>>     https://datatracker.ietf.org/ipr/3554/
>>     https://datatracker.ietf.org/ipr/3604/
>>     https://datatracker.ietf.org/ipr/5749/
>>     https://datatracker.ietf.org/ipr/5694/
>>