Re: [Spud] Interactions between SPUD and I2NSF
"Philipp S. Schmidt" <phils@in-panik.de> Wed, 11 February 2015 08:53 UTC
Return-Path: <phils@in-panik.de>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E7151A8547 for <spud@ietfa.amsl.com>; Wed, 11 Feb 2015 00:53:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.55
X-Spam-Level:
X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hqthyvAMB1W1 for <spud@ietfa.amsl.com>; Wed, 11 Feb 2015 00:53:10 -0800 (PST)
Received: from einhorn.in-berlin.de (einhorn.in-berlin.de [IPv6:2001:bf0:c000::1:8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 932291A86FC for <spud@ietf.org>; Wed, 11 Feb 2015 00:53:09 -0800 (PST)
X-Envelope-From: phils@in-panik.de
Received: from x-berg.in-berlin.de (x-change.in-berlin.de [217.197.86.40]) by einhorn.in-berlin.de (8.14.4/8.14.4/Debian-4) with ESMTP id t1B8r49P022937 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Wed, 11 Feb 2015 09:53:05 +0100
Received: from hedwig.krautrouting.org ([217.197.86.49]) by x-berg.in-berlin.de with esmtpsa (TLS1.0:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84) (envelope-from <phils@in-panik.de>) id 1YLT22-0003hz-Lh; Wed, 11 Feb 2015 09:52:26 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: "Philipp S. Schmidt" <phils@in-panik.de>
In-Reply-To: <CE03DB3D7B45C245BCA0D24327794936362C50@MX104CL02.corp.emc.com>
Date: Wed, 11 Feb 2015 09:53:03 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <3086E826-08EC-47F5-9AF0-4AAAC99CB364@in-panik.de>
References: <A8E35FF3-A4E6-43CE-BE3C-BD968967081A@in-panik.de> <CE03DB3D7B45C245BCA0D24327794936362C50@MX104CL02.corp.emc.com>
To: "Black, David" <david.black@emc.com>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/HwQl19rwdhml_2r9kPyT4vGgWn0>
Cc: "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] Interactions between SPUD and I2NSF
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2015 08:53:12 -0000
Hi David, > On 11.02.2015, at 01:13, Black, David <david.black@emc.com> wrote: > > Philipp, > >> as a response to our position paper at IAB SEMI workshop, I was asked to >> comment on the not-yet-chartered I2NSF WG (Interface to Network Security >> Functions). >> >> I see a lot of overlap between the "service layer" defined in [draft-dunbar- >> i2nsf-problem-statement], but I am a little shaken between have an “joint >> approach” the complexity the whole framing of I2NSF implies. > > What sort of "joint approach" is involved? A "joint approach” would in my opinion mean making sure terminology and mental model of the network fit, and allow I2NSF to use SUPD as an example for a protocol implementing their Security Service and Policy Layer. > My reason for asking is that the proposed I2NSF charter: > http://www.ietf.org/mail-archive/web/i2nsf/current/msg00245.html > > contains this clear sentence: > > It is a non-goal to create new protocols or data modeling languages for I2NSF interfaces. > > Obviously, I2NSF is concerned with firewalls, and punching pinholes in at least > firewalls and NATs are things that SPUD needs to be concerned about, but is > there more? > > At the other extreme, the design of SPUD should not touch the I2NSF service layer, > again quoting from the I2NSF draft charter: > > The Security Service and Policy Layer is for clients to express and monitor > security policies for their specific flows. Which is - in my opinion - a clear distinction where the interfaces _could_ be. > We should leave that sort of security to the security experts, and hope that they > leave transport to the transport experts ;-). > > And if anyone from the IESG is lurking on this list, here's one more example of > why Areas matter to the structure of the IETF. Sorry - I am quite new to the IETF - I just did not want to miss an opportunity to bring people together that work on closely related topics (and admittingly get a feeling how where to put I2NSF in my personal mental model). AVE! Philipp S. Schmidt / phils… -- {phils}--->---(phils@in-panik.de)--->---(http://phils.in-panik.de)----, wenn w eine aube ist dn man au dran dre en | o Schr an muss hc h (Kurt Schwitters) | :wq! <---(phone: +49-179-6737439)---<---(jabber: phils@jabber.ccc.de)---'
- [Spud] Interactions between SPUD and I2NSF Philipp S. Schmidt
- Re: [Spud] Interactions between SPUD and I2NSF Black, David
- Re: [Spud] Interactions between SPUD and I2NSF Philipp S. Schmidt
- Re: [Spud] Interactions between SPUD and I2NSF Black, David