Re: [lamps] Call for adoption of draft-housley-lamps-3g-nftypes

Russ Housley <housley@vigilsec.com> Fri, 05 August 2022 13:05 UTC

Cc: LAMPS <spasm@ietf.org>
To: tirumal reddy <kondtir@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/PvRETen6BhpRTpFBIfT95ovsMK4>

Tiru:

Thanks for the review.

1. Yes, this is a good topic to expand the Security Considerations.

2. This seems pretty obvious to me, but I will think about a sentence or two for a more complete explanation.

3. The goal is to meet the needs of 5G Network Functions.  I am not sure that it would apply to other environments without adding complexity.  I would not want to add that complexity without someone offering a use case.

Russ


> On Aug 5, 2022, at 3:31 AM, tirumal reddy <kondtir@gmail.com> wrote:
> 
> It looks like a straight-forward proposal but I have the following comments on the draft: 
> 
> 1. It seems any NF can claim any NFType. If NFType is used for role based access control, the threat model needs to be discussed to identify potential misuse.  
> 2. You may want to elaborate on how the NFType is used for role-based access control. 
> 3. Network Functions are possibly applicable in other deployments as well and not specific to 3GPP. Any specific reason to restrict the scope to 5G?
> 
> Cheers,
> -Tiru
> 
> On Thu, 4 Aug 2022 at 21:22, Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org> wrote:
> At the LAMPS meeting at IETF 114, Sean and Russ presented the following draft: https://datatracker.ietf.org/doc/draft-housley-lamps-3g-nftypes/
> 
> Should the LAMPS WG adopt “X.509 Certificate Extension for 5G Network Function Types” in draft-housley-lamps-3g-nftypes?
> 
> Please reply to this message by Monday, 22 August 2022 to voice your support or opposition to adoption.
> 
> On behalf of the LAMPS WG Chairs,
> 
> -Tim
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm