Re: [Spud] Interactions between SPUD and I2NSF

"Black, David" <david.black@emc.com> Wed, 11 February 2015 14:44 UTC

From: "Black, David" <david.black@emc.com>
To: "Philipp S. Schmidt" <phils@in-panik.de>
Date: Wed, 11 Feb 2015 14:44:05 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/cfjVu5bk2f2ldDcjzCpHL72Pz3g>
Cc: "Black, David" <david.black@emc.com>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] Interactions between SPUD and I2NSF

Hi Philipp,

> > Obviously, I2NSF is concerned with firewalls, and punching pinholes in at least
> > firewalls and NATs are things that SPUD needs to be concerned about, but is
> > there more?
> >
> > At the other extreme, the design of SPUD should not touch the I2NSF service layer,
> > again quoting from the I2NSF draft charter:
> >
> > 	The Security Service and Policy Layer is for clients to express and monitor
> > 		security policies for their specific flows.
> 
> Which is - in my opinion - a clear distinction where the interfaces _could_ be.

+1!  SPUD may provide an opportunity to improve on what's currently done to punch
and maintain UDP pinholes.

> > We should leave that sort of security to the security experts, and hope that they
> > leave transport to the transport experts ;-).
> >
> > And if anyone from the IESG is lurking on this list, here's one more example of
> > why Areas matter to the structure of the IETF.
> 
> Sorry - I am quite new to the IETF - I just did not want to miss an opportunity
> to bring people together that work on closely related topics (and admittedly
> get a feeling how where to put I2NSF in my personal mental model).

No apology needed - getting to this sort of clear distinction is helpful in
enabling work to get done in parallel.  For those not following I2NSF, it's
likely to be a WG-forming BOF in Dallas next month.

Thanks,
--David

> -----Original Message-----
> From: Philipp S. Schmidt [mailto:phils@in-panik.de]
> Sent: Wednesday, February 11, 2015 3:53 AM
> To: Black, David
> Cc: spud@ietf.org
> Subject: Re: [Spud] Interactions between SPUD and I2NSF
> 
> Hi David,
> 
> > On 11.02.2015, at 01:13, Black, David <david.black@emc.com> wrote:
> >
> > Philipp,
> >
> >> as a response to our position paper at IAB SEMI workshop, I was asked to
> >> comment on the not-yet-chartered I2NSF WG (Interface to Network Security
> >> Functions).
> >>
> >> I see a lot of overlap between the "service layer" defined in [draft-dunbar-
> >> i2nsf-problem-statement], but I am a little shaken between have an “joint
> >> approach” the complexity the whole framing of I2NSF implies.
> >
> > What sort of "joint approach" is involved?
> 
> A "joint approach" would in my opinion mean making sure terminology and
> mental model of the network fit, and allow I2NSF to use SPUD as an
> example for a protocol implementing their Security Service and Policy Layer.
> 
> > My reason for asking is that the proposed I2NSF charter:
> > 	http://www.ietf.org/mail-archive/web/i2nsf/current/msg00245.html
> >
> > contains this clear sentence:
> >
> > 	It is a non-goal to create new protocols or data modeling languages for I2NSF interfaces.
> >
> > Obviously, I2NSF is concerned with firewalls, and punching pinholes in at least
> > firewalls and NATs are things that SPUD needs to be concerned about, but is
> > there more?
> >
> > At the other extreme, the design of SPUD should not touch the I2NSF service layer,
> > again quoting from the I2NSF draft charter:
> >
> > 	The Security Service and Policy Layer is for clients to express and monitor
> > 		security policies for their specific flows.
> 
> Which is - in my opinion - a clear distinction where the interfaces _could_ be.
> 
> > We should leave that sort of security to the security experts, and hope that they
> > leave transport to the transport experts ;-).
> >
> > And if anyone from the IESG is lurking on this list, here's one more example of
> > why Areas matter to the structure of the IETF.
> 
> Sorry - I am quite new to the IETF - I just did not want to miss an opportunity
> to bring people together that work on closely related topics (and admittedly
> get a feeling how where to put I2NSF in my personal mental model).
> 
> AVE!
>   Philipp S. Schmidt / phils…
> --
>    {phils}--->---(phils@in-panik.de)--->---(http://phils.in-panik.de)----,
>       wenn w eine   aube ist dn      man au dran dre en                   |
>            o     Schr        an muss     hc         h   (Kurt Schwitters) |
> :wq!  <---(phone: +49-179-6737439)---<---(jabber: phils@jabber.ccc.de)---'