Re: [Nsaas] Comparing NSIS and the work to be done by NSaaS

Melinda Shore <melinda.shore@gmail.com> Sat, 16 August 2014 03:43 UTC

Return-Path: <melinda.shore@gmail.com>
X-Original-To: nsaas@ietfa.amsl.com
Delivered-To: nsaas@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C315E1A6F0C for <nsaas@ietfa.amsl.com>; Fri, 15 Aug 2014 20:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yzCECf1jSILP for <nsaas@ietfa.amsl.com>; Fri, 15 Aug 2014 20:43:41 -0700 (PDT)
Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8EF61A6EE0 for <nsaas@ietf.org>; Fri, 15 Aug 2014 20:43:41 -0700 (PDT)
Received: by mail-pa0-f46.google.com with SMTP id lj1so4506349pab.33 for <nsaas@ietf.org>; Fri, 15 Aug 2014 20:43:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=OSNDp5qu97C+q2/aZKlutpA171c2JVP5fWVM5tUdGO4=; b=uOWFvQYeIhhMcpMu/21sQk8cSrcQnbk+J8OPIDmY7cimeuQ5ths8l/nt5ZjdpTj5YO XmZUeKek7rQMn2P9vgyE7VMmSWwvVh3JrPO1lo+xgqH4ZAh09I0KofSWW6aYHRVqY0OC IxjIsEbjX2caGkghSO5eYM7E1tUeWWWWHXkBEUMmbWDabBRuavC10TK1kWM0q3Qb334+ +2FL7fl2wnIkjuYQHkiJ2fTbpIm60vkqI/u4HoPLZFjzGtrUUFnOt8xMjBnG+JI6W4g2 Yje8RwLXG2u1qjzZwSr+5j8qRy7eRrlWuJXS37FhnXCYL7fGxGoqTysZST32/de8ikMc wHSQ==
X-Received: by 10.66.141.109 with SMTP id rn13mr17752739pab.117.1408160619563; Fri, 15 Aug 2014 20:43:39 -0700 (PDT)
Received: from spandex.local (209-193-57-253-rb1.fai.dsl.dynamic.acsalaska.net. [209.193.57.253]) by mx.google.com with ESMTPSA id br1sm9397166pbc.6.2014.08.15.20.43.38 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 15 Aug 2014 20:43:38 -0700 (PDT)
Message-ID: <53EED368.20305@gmail.com>
Date: Fri, 15 Aug 2014 19:43:36 -0800
From: Melinda Shore <melinda.shore@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: Linda Dunbar <linda.dunbar@huawei.com>, "nsaas@ietf.org" <nsaas@ietf.org>
References: <53E97DB5.3040106@gmail.com> <B0D29E0424F2DE47A0B36779EC666779661978DE@nkgeml501-mbs.china.huawei.com> <53E98377.1030902@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F645DB236D@dfweml701-chm.china.huawei.com> <53EA3EBE.50200@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F645DB2420@dfweml701-chm.china.huawei.com> <53EA4704.2090401@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F645DB5514@dfweml701-chm.china.huawei.com>
In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F645DB5514@dfweml701-chm.china.huawei.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/nsaas/Bi6MQvz6LGINh_ppijoP4bCOoMY
Subject: Re: [Nsaas] Comparing NSIS and the work to be done by NSaaS
X-BeenThere: nsaas@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*NSaaS: Network Security as a Service mailing list*" <nsaas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nsaas>, <mailto:nsaas-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nsaas/>
List-Post: <mailto:nsaas@ietf.org>
List-Help: <mailto:nsaas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nsaas>, <mailto:nsaas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Aug 2014 03:43:42 -0000

On 8/15/14 1:19 PM, Linda Dunbar wrote:
> - Differences between NSIS and NSaaS:

I think the most salient issue is that because NSIS is
path-coupled, it's possible to message every participating
device along a path without having to know its location, or
its location relative to other devices (this is particularly
a pressing issue when you've got one or more NATs present
in the network, or when trying to locate appropriate tunnel
endpoints).  NSIS provides a signaling *model* that
may or may not be useful.  I'd say that industry did not
find it useful except that other security device signaling models
haven't been implemented and deployed, either, so the issue
appears to be with the general class of solution rather than
with this individual, particular solution.


Getting these questions answered is not a hoop to jump through,
but rather, I think, a very serious issue with the work going
forward.

Melinda