[LOOPS] Charter github issue #1: security, management, operations
Carsten Bormann <cabo@tzi.org> Tue, 07 July 2020 06:34 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: loops@ietfa.amsl.com
Delivered-To: loops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E57363A0796 for <loops@ietfa.amsl.com>; Mon, 6 Jul 2020 23:34:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KGnVZ42vN_ms for <loops@ietfa.amsl.com>; Mon, 6 Jul 2020 23:34:21 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E61B3A0798 for <loops@ietf.org>; Mon, 6 Jul 2020 23:34:21 -0700 (PDT)
Received: from [192.168.217.116] (p5089ae91.dip0.t-ipconnect.de [80.137.174.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4B1CMV4Zl6zyhc; Tue, 7 Jul 2020 08:34:14 +0200 (CEST)
From: Carsten Bormann <cabo@tzi.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mao-Original-Outgoing-Id: 615796453.940527-9173ecfecc3558ef88100bdb0ebd5dff
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Tue, 07 Jul 2020 08:34:14 +0200
Message-Id: <94A53546-8D02-419B-9EE5-98CF5E716E73@tzi.org>
To: loops <loops@ietf.org>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/loops/SFJRmNwn5ZqUwyOCC8LAhE2a32g>
Subject: [LOOPS] Charter github issue #1: security, management, operations
X-BeenThere: loops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Local Optimizations on Path Segments <loops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/loops>, <mailto:loops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/loops/>
List-Post: <mailto:loops@ietf.org>
List-Help: <mailto:loops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/loops>, <mailto:loops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2020 06:34:24 -0000
In charter github issue #1 <https://github.com/loops-wg/charter/issues/1>, cabo writes: » Either in the charter proposal itself or in the discussion below, we should say more about security, management, and operations of a LOOPS tunnel (comment from Colin Perkins). draft-ietf-tsvwg-transport-encrypt-05 might inform us here with some of the issues to be addressed. A separate deliverable could expand on this, but we wouldn’t want to ship the initial one (information model/protocol) without some thinking about this, so I'm not sure such a deliverable should be called out separately. We would like to keep the “orchestrator” that sets up LOOPS segments as out of scope, though; this would likely be some form of SDN controller for the overlay that we don’t have to standardize to make LOOPS work. (Or maybe we want to standardize some form of it later [as a YANG model?].) « Liyizhou writes: » ACL can be used to direct traffic to LOOPS-enalbed tunnel. I think it is very reasonable to keep the “orchestrator” stuff out of scope. The “orchestrator” usually does more work besides LOOPS enablement. It is also responsible for path selection in our demo system. Hard to peel LOOPS alone from the whole orchestrator. So it is not necessary to standardize the LOOPS setup part. I do not think YANG model needs to be included right now. It looks the LOOPS setup now can be a simple KV configuration file, for example, initial PSN, recovery mode (rtx/fec), no complex structure is required. « I added a sentence about such a K/V configuration data set in: https://github.com/loops-wg/charter/pull/10 Does the charter need any more details on this? (E.g., do we need to explain how such a configuration protocol could be secure?) Grüße, Carsten
- [LOOPS] Charter github issue #1: security, manage… Carsten Bormann
- Re: [LOOPS] Charter github issue #1: security, ma… mohamed.boucadair
- [LOOPS] Remaining issues (Re: Charter github issu… Carsten Bormann
- Re: [LOOPS] Remaining issues (Re: Charter github … mohamed.boucadair