Re: [I2nsf] AD Review of draft-ietf-i2nsf-capability-data-model-05

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Mon, 13 July 2020 13:04 UTC

Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3455B3A1187 for <i2nsf@ietfa.amsl.com>; Mon, 13 Jul 2020 06:04:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HK_NAME_FM_MR_MRS=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FREEMAIL_DOC_PDF=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Q2ibvUUnX3a for <i2nsf@ietfa.amsl.com>; Mon, 13 Jul 2020 06:04:43 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E6833A0C88 for <i2nsf@ietf.org>; Mon, 13 Jul 2020 06:04:39 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id d17so17708513ljl.3 for <i2nsf@ietf.org>; Mon, 13 Jul 2020 06:04:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vmWR7fGQl3SJo3s2wSD6xGzdLeh/gUx6t62qA1arwpo=; b=RC4txjH7cz96aHD2GtL8DN8cDYxVd37OEHKkILrdIfqv0wjb8gKd16WbR6yoCQE7UE 9Ua2UjRxMaXTxCuNXR6AuuN+K+zhm9T8jAc4s1/mD0sNttYCGG+OIBYxUBYazX/mFBbf 919FI3vcJ1o/8lDnSC9i+D2XepzzBe4E+yHYOfEuKmFKJyken7UQ5P3dXGbrsSLChU0C 5JtAqD8d7DJkMq6WLF2XeDKMQorwFBFeEmwzVgJP98bh89iFeqPN6AHWhsLh2UuxH3kx IHomJY2teGPFrnPX4zrm90AiTHfas3b5AEVgdscEJlyPq6n82aYzn8Iw+4Ur7Gp9UqWk 7Eag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vmWR7fGQl3SJo3s2wSD6xGzdLeh/gUx6t62qA1arwpo=; b=n82/UdPrtCTSCVlcPkuCa77AN0S8GA4sz8H7HMExByY5wJCXtM4VnBn/1eYXgrqL7v sjF6AmAOSRxJfkiglTI0TOLz6Bqr56e/EbvAdFM8lJHhtDyjfmQf/oo4miSVMRhMvTAA SjgaxjBfvkMiyC0U/T38FqS5LZPaqzb+VXSjEpwM+PfpDamMRuLuGVuHND5GPuZCg6in HctXgoTadK6UXHTJJhkbCQU1AuuI/CuU+jfwVkZJQL868drwgFAqeuaRQ08WVrjybzIc WO6SzRADXxsn08Eo99wr+imgCsntySwIzIajGdWT6W0xieUKHcKYbOS4kwzCjvcjiUEB bXKA==
X-Gm-Message-State: AOAM532nUB+YQTilV93A2TQiOCX3ZJkl7hCtvzuLhdrFg+Nk53ov7Deo gvCHWE6wWjhOhfhg2RYSoD+ocnYhlqTbrWyVxQk=
X-Google-Smtp-Source: ABdhPJxs1267gaac4omtuT/r+SAqOo4t+u1yLmXSkGLTNwR/w+OipBJiVMrvjJjsh9agDbFXkRDtnziyrMI9eEiUA2g=
X-Received: by 2002:a2e:8992:: with SMTP id c18mr40671321lji.388.1594645476351; Mon, 13 Jul 2020 06:04:36 -0700 (PDT)
MIME-Version: 1.0
References: <475d6c2be4a7447dba48a4529451b72f@cert.org>
In-Reply-To: <475d6c2be4a7447dba48a4529451b72f@cert.org>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Mon, 13 Jul 2020 22:03:59 +0900
Message-ID: <CAPK2DezkJL3tVnT=3TVwWbjaqAbRDK_vs5SY3ueX=VKf3x0zFw@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, Susan Hares <shares@ndzh.com>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Content-Type: multipart/mixed; boundary="00000000000029481105aa5255d9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/s-hR_RFBo8X4FVaN60wMxX36F28>
Subject: Re: [I2nsf] AD Review of draft-ietf-i2nsf-capability-data-model-05
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2020 13:04:47 -0000

Hi Roman,
I (as an editor) have revised the I2NSF Capability Data Model Draft and
posted it into the IETF repository:
https://tools.ietf.org/html/draft-ietf-i2nsf-capability-data-model-06

Here is the revision letter to explain how to address your comments.
If you are satisfied with this revision, could you move this draft to the
IESG evaluation?

Thanks for your valuable comments and help.

Best Regards,
Paul
  --
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>

On Wed, May 13, 2020 at 7:11 AM Roman Danyliw <rdd@cert.org> wrote:

> Hi!
>
> I conducted an AD review of draft-ietf-i2nsf-capability-data-model-05.
> Thanks for the work in getting this document written.  My most significant
> items are around aligning of the text in Section 4 with RFC8329 and the
> dependency on draft-dong-i2nsf-asf-config-01.  My detailed feedback is
> below.
>
> (1)     IDNits returned the following valid comment about references (many
> of the issue is noted were in the YANG module)
>   == Missing Reference: 'RFC3688' is mentioned on line 1764, but not
> defined
>
> (2)     Section 1.  Typo. s/[draft-ietf-i2nsf-capability]../
> [draft-ietf-i2nsf-capability]./
>
> (3)     Section 3.  Is there a reason to rely on two expired drafts for
> terminology -- [draft-ietf-i2nsf-terminology] and
> [draft-ietf-supa-generic-policy-info-model]?  In particular, couldn't
> RFC3444 provide the needed definitions of data and information models?
>
> (4)     Section 4.  I would have expected somewhere in this overview
> section an explicit enumeration of which I2NSF interfaces use this YANG
> module.
>
> (5)     Section 4.  Per "Figure 1 shows the capabilities of NSFs in I2NSF
> Framework."
> -- Thanks for reusing the diagram from RFC8329 and annotating it with more
> detail.  It helps connect the documents
> -- It wasn't clear to me where the "capabilities" are on the diagram
> -- Is all of the detail under the NSFs (i.e., E, C and A) needed in the
> diagram?  Text doesn't explain it or reference it.  If kept, it should be
> explained and E, C and A should be defined (i.e., saying these correspond
> to Event, Condition and Action)
>
> (6)     Global.  Editorial. Is there a reason to abbreviate "Mgmt" in
> "Developer's Mgmt System in the text?  Recommend s/Developer's Mgmt
> System/Developer's Management System/g
>
> (7)     Section 4.  Per "To register NSFs in this way, the Developer's
> Mgmt System utilizes this standardized capabilities YANG data model through
> its registration interface.", this confused me a bit.  Doesn't the
> Developer Management System use the model described in
> draft-ietf-i2nsf-registration-interface-dm for registration?
>
> (8)     Section 4.  Editorial. Per "... those security devices can be
> easily managed, ...", I might have used "more easily managed".
>
> (9)     Section 4.  Per "The use cases are described below.", where are
> those use cases described?  Is this text a reference to the "Configuration
> Examples" in Appendix A?
>
> (10)     Section 4.  Per "Note that the NSF-Facing Interface ... and the
> NSF Monitoring Interface is used to ...", does this text need additional
> precision based on the definitions in RFC8329.  Per RFC8329, the
> "NSF-Facing Interfaces" consists of the "NSF Operational and Administrative
> Interface" and a "Monitoring Interface". If draft-dong-i2nsf-asf-config is
> on the "Monitoring Interface", on which "sub-interface" of the "NSF-Facing
> Interface" does draft-ietf-i2nsf-nsf-facing-interface-dm belong?
>
> (11)     Figure 1.  Editorial Nit.  Is there are reason that the
> Registration interface has a bidirectional arrow between the network
> operator management system and the developer management system, but the
> there is no directionality on the consumer or NSF facing interface?
>
> (12)     Section 4.  The bulleted list under Figure 1 is helpful in
> describing Figure 1.  However, I'd recommend explicitly saying this is an
> example.  Explain the use case up front and then narrate the flow clearly
> delineating what is in and out of scope of I2NSF.  IMO, the text describes
> a number of internal processing functions which are in scope for
> standardization - please let me know if I'm reading it wrong.
>
> (13)    Section 4.  Per "If network manager wants to block malicious users
> with IPv6, the network manager sends the security policy rules to block the
> users to the Network Operator Mgmt System using I2NSF user ....", can you
> please clarify "malicious users with IPv6"; is the intent that the network
> manager is concerned about malicious IPv6 traffic?
>
> (14)    Section 4.  Bullet 1 under Figure 1.  Per "a web browser or a
> software", what's the difference between a browser and software?
>
> (15)    Section 4.  Editorial.  Per the second bullet under Figure 1, "If
> NSFs encounter the malicious packets, it is a tremendous burden for the
> network manager to apply the rule to block the malicious packets to NSFs
> one-by-one.  This problem can be resolved by managing the capabilities of
> NSFs.", delete this text.  It is a duplicate of what was stated in the
> first bullet.
>
> (16)    Section 4.  Per the paragraph, "If NSFs encounter the suspicious
> IPv4 packets, they can ask the Network Operator Mgmt System for information
> about the suspicious IPv4 packets in order to alter specific rules and/or
> configurations.  When the Network ...", how much of that signaling is in
> scope for I2NSF?
>
> (17)    Section 4.  Typo. s/suspiciou/suspicious/
>
> (18)    Section 5.1. Editorial.  s/The model includes NSF capabilities/The
> model describes NSF capabilities/
>
> (19)    Section 5.1. Editorial. "specify" is used twice in the sentence.
> OLD
> Time capabilities are used to specify the capabilities to specify when to
> execute the I2NSF policy rule.
> NEW
> Time capabilities are used to specify the capabilities which describe when
> to execute the I2NSF policy rule.
>
> (20)    Section 5.1. Editorial.  This sentence didn't parse for me.  The
> second contains duplicate text.
> OLD
> Event capabilities are used to specify capabilities how to trigger the
> evaluation of the condition clause of the I2NSF Policy Rule.  The defined
> event capabilities are defined as system event and system alarm.
> NEW
> Event capabilities are used to specify the capabilities that describe the
> event that would trigger the evaluation of the condition clause of the
> I2NSF Policy Rule.  The defined event capabilities are system event and
> system alarm.
>
> (21)    Section 5.1.  A number of capabilities note that they can be
> extended which is a helpful feature.  For example, "The condition
> capability can be extended according to specific vendor condition
> features."  However, where is the guidance on doing that?  Likewise, it
> might not be necessary to repeat this statement five times if the extension
> mechanism is the same.
>
> (22)    Section 5.1.  A number of the described capability types state
> that they are described in detail in draft-ietf-i2nsf-capability.  For
> example, "The condition capability is described in detail in
> [draft-ietf-i2nsf-capability]."  I had difficulty locating which specific
> section to review.  Also, for the default action capabilities, no described
> of "pass, drop .. mirror" was found in draft-ietf-i2nsf-capability.  Please
> provide a specific section number for the event, condition, action,
> resolution strategy and default action in draft-ietf-i2nsf-capability.
>
> (23)    Section 5.1.  Editorial.  These sentences didn't parse for me.
> OLD
> Action capabilities are used to specify capabilities of how to control and
> monitor aspects of flow-based NSFs when the event and condition clauses are
> satisfied.
> NEW
> Action capabilities are used to specify the capabilities that describe the
> control and monitoring aspects of flow-based NSFs when the event and
> condition clauses are satisfied.
>
> OLD
> Resolution strategy capabilities are used to specify capabilities of how
> to resolve conflicts that occur between the actions of the same or
> different policy rules that are matched and contained in this particular
> NSF.
> NEW
> Resolution strategy capabilities are used to specify the capabilities that
> describe conflicts that occur between the actions of the same or different
> policy rules that are matched and contained in this particular NSF.
>
> OLD
> Default action capabilities are used to specify capabilities of how to
> execute I2NSF policy rules when no rule matches a packet.
> NEW
> Default action capabilities are used to specify the capabilities that
> describe how to execute I2NSF policy rules when no rule matches a packet.
>
>
> (24)    Section 6.1.  Update the copyright date and revision date to be in
> 2020.
>
> (25)    Section 6.1.  Given that draft-ietf-i2nf-monitoring-data-model is
> referenced in the YANG model for event and system alarm, please make it a
> normative reference.
>
> (26)    Section 6.1. identity ingress/egress-action-capability.  I found
> draft-ietf-i2nsf-capability-04 to be an unexpected reference.  There is no
> mention of ingress or egress in that document.
>
> (27)    Section 6.1. identity pass, drop, reject, alert, mirror.  I found
> draft-ietf-i2nsf-capability-04 to be an unexpected reference.  There is no
> mention of pass, drop, reject, alert or mirror in that document.
>
> (28)    Section 6.1.  In the advanced-nsf-capability section, there are
> multiple normative references to draft-dong-i2nsf-asf-config-01, an
> expired, individual draft.  Additionally, Section 4 notes how it supports
> the advanced capabilities. This draft is a substantial portion of the YANG
> module added in -03.  What's the plan on resolving this dependency?
>
> (29)    Section 6.1. Typo. s/Funtion/Function/
>
> (30)    Section 6.1.  The list of references in generic-nsf-capabilities
> don't line up with those in the child leaflist(s).  For example, RFC 792 is
> mentioned in the top level reference list but not in any of the child
> leaflist (specifically not in leaf-list icmp-capability)
>
> (31)    Section 6.1. Typo. s/smae/same/
>
> (32)    Section 8.  A few clarifying updates to the template:
> OLD
> These data nodes may be considered sensitive or vulnerable in some network
> environments.  Write operations (e.g., edit-config) to these data nodes
> without proper protection can have a negative effect on network operations.
> ietf-i2nsf-capability: The attacker may provide incorrect information of
> the security capability of any target NSF by illegally modifying this.
>
> NEW
> These data nodes may be considered sensitive or vulnerable in some network
> environments.  Write operations to these data nodes could have a negative
> effect on network and security operations.
> ietf-i2nsf-capability: An attacker could alter the security capabilities
> associated with an NSF whereby disabling or enabling the evasion of
> security mitigations.
>
> OLD
> ietf-i2nsf-capability: The attacker may gather the security capability
> information of any target NSF and misuse the information for subsequent
> attacks.
> NEW
> ietf-i2nsf-capability: An attacker could gather the security capability
> information of any NSF and use this information to evade detection or
> filtering.
>
> Regards,
> Roman
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>