Re: [Nsaas] Comparing NSIS and the work to be done by NSaaS

Melinda Shore <> Sat, 16 August 2014 03:43 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C315E1A6F0C for <>; Fri, 15 Aug 2014 20:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yzCECf1jSILP for <>; Fri, 15 Aug 2014 20:43:41 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A8EF61A6EE0 for <>; Fri, 15 Aug 2014 20:43:41 -0700 (PDT)
Received: by with SMTP id lj1so4506349pab.33 for <>; Fri, 15 Aug 2014 20:43:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=OSNDp5qu97C+q2/aZKlutpA171c2JVP5fWVM5tUdGO4=; b=uOWFvQYeIhhMcpMu/21sQk8cSrcQnbk+J8OPIDmY7cimeuQ5ths8l/nt5ZjdpTj5YO XmZUeKek7rQMn2P9vgyE7VMmSWwvVh3JrPO1lo+xgqH4ZAh09I0KofSWW6aYHRVqY0OC IxjIsEbjX2caGkghSO5eYM7E1tUeWWWWHXkBEUMmbWDabBRuavC10TK1kWM0q3Qb334+ +2FL7fl2wnIkjuYQHkiJ2fTbpIm60vkqI/u4HoPLZFjzGtrUUFnOt8xMjBnG+JI6W4g2 Yje8RwLXG2u1qjzZwSr+5j8qRy7eRrlWuJXS37FhnXCYL7fGxGoqTysZST32/de8ikMc wHSQ==
X-Received: by with SMTP id rn13mr17752739pab.117.1408160619563; Fri, 15 Aug 2014 20:43:39 -0700 (PDT)
Received: from spandex.local ( []) by with ESMTPSA id br1sm9397166pbc.6.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 15 Aug 2014 20:43:38 -0700 (PDT)
Message-ID: <>
Date: Fri, 15 Aug 2014 19:43:36 -0800
From: Melinda Shore <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Linda Dunbar <>, "" <>
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Nsaas] Comparing NSIS and the work to be done by NSaaS
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*NSaaS: Network Security as a Service mailing list*" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Aug 2014 03:43:42 -0000

On 8/15/14 1:19 PM, Linda Dunbar wrote:
> - Differences between NSIS and NSaaS:

I think the most salient issue is that because NSIS is
path-coupled, it's possible to message every participating
device along a path without having to know its location, or
its location relative to other devices (this is particularly
a pressing issue when you've got one or more NATs present
in the network, or when trying to locate appropriate tunnel
endpoints).  NSIS provides a signaling *model* that
may or may not be useful.  I'd say that industry did not
find it useful except that other security device signaling models
haven't been implemented and deployed, either, so the issue
appears to be with the general class of solution rather than
with this individual, particular solution.

Getting these questions answered is not a hoop to jump through,
but rather, I think, a very serious issue with the work going