Re: [savi] SAVI FCFS & Logging
Jean-Michel Combes <jeanmichel.combes@gmail.com> Tue, 05 April 2011 15:42 UTC
To: Eric Levy-Abegnoli <elevyabe@cisco.com>
Cc: draft-ietf-savi-fcfs@tools.ietf.org, SAVI Mailing List <savi@ietf.org>

Hi,

To move forward the document ASAP, any additional comments about this topic must be sent before next Tuesday.

Thanks in advance.

Best regards.

JMC.

2011/3/31 Eric Levy-Abegnoli <elevyabe@cisco.com>:
> On 31/03/2011 02:18, Jean-Michel Combes wrote:
>>
>> Hi,
>>
>> I am in favor of the addition of such a text: logging could clearly help.
>> Now, I would like to have feedback from the WG and especially from
>> people implementing SAVI to know if logging could be easily
>> implemented (i.e. with no expensive extra-cost): that would determine
>> whether to make that normative or not.
>
> I support the addition. That has been the #1 requirement from many organizations
> I dealt with deploying SAVI or IPSG solutions.
> No particular issue implementation-wise.
> Eric
>>
>> Best regards.
>>
>> JMC.
>>
>> 2011/3/5 Joel M. Halpern <jmh@joelhalpern.com>:
>>>
>>> I asked the SAVI FCFS the question below. In response they quite reasonably
>>> asked that I provide text. Following the note excerpt is the suggestion on
>>> placement and text. The text could include a reference to the savi threats
>>> document. I was not sure if that would be helpful, so I left it out. Also,
>>> as logging is basically an internal activity, I have written this suggestion
>>> as non-normative text.
>>>
>>>> On 05/03/11 6:45, Joel M. Halpern wrote:
>>>>>
>>>>> Looking at the traceability issues we raise in the threats document,
>>>>> and looking at the uses I see people wanting to make of SAVI for
>>>>> SLAAC, should we put some descriptive (not normative) text into SAVI
>>>>> FCFS that talks about logging?
>>>>>
>>>>> I wanted to check with you folks directly before raising this on the
>>>>> list.
>>>>>
>>>>> Thank you,
>>>>> Joel
>>>
>>> I would suggest adding a section between 2.4 and 2.5 (i.e., it would be 2.5,
>>> and the current 2.5 SAVI enforcement perimeter would become 2.6.)
>>> ---------
>>> 2.x SAVI Logging
>>>
>>> While the primary goal of SAVI is simply to prevent improper use of IP
>>> addresses, a secondary goal is to assist in traceability for determining who
>>> an improper actor is. For example, if a remote site reports that a DoS (or
>>> component of a DDoS) is coming from the SAVI site, SAVI enforcement can be a
>>> useful component in a response.
>>>
>>> In order to support these and other similar activities, it is a good idea if
>>> SAVI devices perform logging of the creation, modification, or removal of
>>> address bindings. Any protocol support, such as SYSLOG support for sending
>>> those logs to a common server, would be a topic for a future separate
>>> document.
>>> -----
>>> If instead we want to make that normative, we could put a SHOULD in and put
>>> this in section 3.2.6 instead.
>>>
>>> In addition, it would seem useful to add a short paragraph in the security
>>> considerations section. (If Denial of service attacks and Residual threats
>>> were 4.1 and 4.2, then I would add this as 4.3 Security Logging)
>>> -------------
>>> In order to improve the integration of SAVI into an overall security
>>> environment, and enable response to additional indirect security issues
>>> which SAVI can help ameliorate, it is helpful if SAVI systems log the
>>> creation, modification, and deletion of binding entries.
>>> ---------
>>> I realize this basically duplicates the 2.x text. I think it deserves
>>> mention in the security considerations, because it is a security
>>> consideration. But I don't think that should be the first occurrence.
>>> If the duplication is bothersome, then just use the 2.x text.
>>>
>>> Thank you,
>>> Joel
>>> _______________________________________________
>>> savi mailing list
>>> savi@ietf.org
>>> https://www.ietf.org/mailman/listinfo/savi
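
Added example, not part of the thread or of the SAVI drafts: how a log of binding creation, modification and removal, as proposed in the quoted 2.x text, lets an operator answer a remote abuse report by finding which binding anchor held a source address at the reported time. The record layout, the port names used as anchors and the sample events are assumptions constructed for illustration.

```python
# Added example: reconstruct "who held this address when" from binding logs.
# The record layout (time, event, address, anchor) is an assumption; the
# thread leaves the log format and transport to a future document.
SAMPLE_LOG = [  # constructed sample events, documentation prefix 2001:db8::/32
    (1000, "create", "2001:db8::a", "port1"),
    (1500, "modify", "2001:db8::a", "port3"),  # binding moved to another port
    (1800, "create", "2001:db8::b", "port2"),
    (2400, "remove", "2001:db8::a", "port3"),
    (3000, "create", "2001:db8::a", "port2"),  # address later bound elsewhere
]


def build_history(log):
    """Fold binding events into per-address (start, end, anchor) intervals."""
    history, open_bindings = {}, {}
    for ts, event, addr, anchor in sorted(log):
        if event not in ("create", "modify", "remove"):
            raise ValueError(f"unknown binding event: {event!r}")
        prev = open_bindings.pop(addr, None)
        if prev is not None:
            # Any new event closes the interval that was open for this address.
            history.setdefault(addr, []).append((prev[0], ts, prev[1]))
        elif event == "remove":
            # Removal of a binding created before logging began: start unknown.
            history.setdefault(addr, []).append((None, ts, anchor))
        if event != "remove":
            open_bindings[addr] = (ts, anchor)
    for addr, (start, anchor) in open_bindings.items():
        history.setdefault(addr, []).append((start, None, anchor))  # still bound
    return history


def holder_at(history, addr, when):
    """Return the anchor bound to addr at time `when`, or None if unbound."""
    for start, end, anchor in history.get(addr, []):
        if (start is None or start <= when) and (end is None or when < end):
            return anchor
    return None


if __name__ == "__main__":
    hist = build_history(SAMPLE_LOG)
    for t in (1200, 1600, 2700, 3500):
        print(t, holder_at(hist, "2001:db8::a", t))
```

Without the "modify" and "remove" records, the same address would be attributed to port1 for the whole period, which is why the proposed text asks for all three event types.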