Paul,

IESG doesn't like fancy acronyms; mentioning blockchain without describing the additional features won't go very far.
Suggest to have a narrower scoped work proposal, so that it is more likely to get IESG approval. Comments to your suggested work items for I2NSF Rechartering are inserted below:

From: Mr. Jaehoon Paul Jeong <[email protected]>
Sent: Friday, April 1, 2022 2:51 AM
To: Linda Dunbar <[email protected]>
Cc: [email protected]; Roman Danyliw <[email protected]>; Yoav Nir <[email protected]>; tom petch <[email protected]>; Susan Hares <[email protected]>; DIEGO LOPEZ GARCIA <[email protected]>; JungSoo Park <[email protected]>; Yunchul Choi <[email protected]>; Patrick Lingga <[email protected]>; Jeong Hyeon Kim <[email protected]>; Younghan Kim <[email protected]>; Panwei (William) <[email protected]>; Henk Birkholz <[email protected]>; yangpenglin <[email protected]>; Kyoungjae Sun <[email protected]>; Hyunsik Yang <[email protected]>; skku-iotlab-members <[email protected]>; Mr. Jaehoon Paul Jeong <[email protected]>
Subject: Re: Narrowing down the scope of work for the I2NSF Re-Chartering

Hi Linda and Yoav,

I would say that the theme of this I2NSF Re-Chartering is "Security Management Automation". This theme is based on 7-year I2NSF standardization and hackathon projects with our I2NSF WG colleagues.

May I suggest three more work items in addition to your proposed work items? The following three work items can be handled with focus along with the CCed I2NSF WG colleagues as coauthors and contributors:

------------------------------------------------------------------------------------
1. Security Service Management through Leveraging I2NSF Framework and Interfaces
- Main Contents
  . An Extension of I2NSF Framework for Intelligent Security Management Automation
  . Distributed Auditing Services for Supply Chain Attacks and Insider Attacks by Distributed Ledger Technology (DLT) and Remote Attestation
  . Support of Containers for I2NSF in Cloud Native Systems
  . Support of Other Contemporary Technologies for I2NSF such as Quantum Key Distribution (QKD) and Post Quantum Cryptography (PQC)

[Linda] The above items should be already covered by the existing I2NSF Charter, except I don't know what additional features required by QKD and PQC to NSF or Consumer facing interfaces.

2. I2NSF Application Interface YANG Data Model
- Main Contents
  . A New I2NSF Interface for Feedback-control-loop-based Security Management Automation
  . Support of Feedback Information Delivery from I2NSF (Data) Analyzer to Security Controller for Security Policy Augmentation and Generation

[Linda] Can Application interface YANG Data model be covered by "Consumer facing" interface? If not why?

3. Guidelines to Security Policy Translation for I2NSF-Based Security Enforcement
- Main Contents
  . A Relation between I2NSF Consumer-Facing Interface and NSF Facing-Interface
  . Handling of Default Actions for a High-level Security Policy to be translated to a Low-level Security Policy
  . Population of Information for Security Policy Translation (e.g., mapping of IP addresses for users and devices)
  . Implementation Guidelines for Security Policy Translator (will be put as Appendix rather than main text)

[Linda] I can see this being the potential work item for the rechartering.

Linda
------------------------------------------------------------------------------------

As you know, my SKKU team with ETRI demonstrated the feasibility of those three work items through the past I2NSF Projects.

For the 1st work item, this provides autonomous security management services to minimize human engagement for security services.
The I2NSF extension for this autonomous security management is explained by my new I2NSF I-D:
https://datatracker.ietf.org/doc/html/draft-jeong-i2nsf-security-management-automation-03

As a use case, a new outside (or inside) security attack is detected and blocked by an I2NSF system. For this, an NSF reports monitoring data of a suspicious activity to an I2NSF Analyzer (as a new component which is a data collector and a data analyzer with machine learning), which is defined in the above I-D. The I2NSF Analyzer analyzes the monitoring data and diagnoses what is a problem or security attack. The I2NSF Analyzer makes a feedback report to a Security Controller so that the Security Controller can augment its existing security policy or generate a new security policy to cope with the problem or security attack.

The involved security functions include the following steps:
1. The monitoring data delivery from an NSF to an I2NSF Analyzer,
2. The analysis of the monitoring data at the I2NSF Analyzer,
3. The construction of a feedback report by the I2NSF Analyzer,
4. The delivery of the feedback report from the I2NSF Analyzer to the Security Controller,
5. The interpretation/translation of the feedback report at the Security Controller, and the augmentation of an existing security policy (or the generation of a new security policy) by the Security Controller, and
6. The delivery of the augmented (or generated) security policy to an appropriate NSF.

These steps are explained in the above I-D.
I have explained them in the presentation of I2NSF Re-chartering slides during the IETF-113 I2NSF WG Session.

For the support of the containers for I2NSF NSFs, the interface to security functions on Container will be the same with that to the security functions on VM. However, the operation and management of I2NSF in container deployment can be specified in the document. Here is my I2NSF I-D for Cloud Native Systems for your reference:
https://datatracker.ietf.org/doc/html/draft-yang-i2nsf-nfv-architecture-07#page-11

I CC Dr. Kyoungjae Sun and Dr. Hyunsik Yang as the authors of this I-D for the Cloud Native Systems for I2NSF since they are experts in this domain.

For the support of Other Contemporary Technologies, "Quantum Key" can be distributed to NSFs through Security Controllers. The work of RFC 9061 (A YANG Data Model for IPsec Flow Protection Based on Software-Defined Networking (SDN)) can be extended for this key distribution.

For the 2nd work item, I2NSF Application Interface delivers a feedback report containing feedback information as a high-level policy to describe a problem or security attack rather than monitoring data. The Application Interface is a newly defined interface from I2NSF Analyzer to Security Controller, so it is different from the Monitoring Interface.
You can refer to my I2NSF I-D for the Application Interface:
https://datatracker.ietf.org/doc/html/draft-lingga-i2nsf-application-interface-dm-02

For the 3rd work item, the guidelines for security policy translation are specified in terms of the mapping of interfaces, default action handling, the population of translation information (e.g., mapping of user group (or device group) and their IP addresses), the procedures of the security policy translation rather than translation algorithm itself. You can refer to my I2NSF I-D for the Security Policy Translation:
https://datatracker.ietf.org/doc/html/draft-yang-i2nsf-security-policy-translation-10

If you have questions and comments, let me know.

Thanks.

Best Regards,
Paul

On Thu, Mar 31, 2022 at 2:10 AM Linda Dunbar <[email protected]> wrote:

I2NSF Rechartering Proponents,

I re-read all the emails exchanged about I2NSF Re-Chartering plus the discussion minutes at IETF113, I concluded the 2 key points:

* The proposed Rechartered work is too broad, the scope of work is too wide,
* We don't have enough people and expertise to cover all the proposed work.

Therefore I would like to suggest prioritizing the work items based on available expertise, and choose the highest 3~4 work items for the I2NSF rechartering.

With the current available expertise among the I2NSF participants, we can confidently tackle the following work items. Therefore I think they should be high on the priority list of the rechartering.

* Work around the remote attestation of NSF in I2NSF architecture, including the YANG Data Model.
* Add the support of recently developed protocols such as QUIC and HTTP/3.
* Develop the YANG module of IPsec policies to functions embedded in nodes running BGP.

For the proposed work item of the Interface to the Data Analysis Entities, I am wondering if the work is similar to the draft-ietf-i2nsf-nsf-monitoring-data-model?

For the proposed work item of "controlling container deployments in Cloud Native NFV architecture", I am not sure how different between the "Interface to NSF" vs. the "interface to Container".

Can you please chime in to express your opinion?

Thank you
Linda

From: I2nsf <[email protected]> On Behalf Of Mr. Jaehoon Paul Jeong
Sent: Thursday, March 24, 2022 2:38 AM
To: [email protected]
Cc: Roman Danyliw <[email protected]>; Panwei (William) <[email protected]>; Henk Birkholz <[email protected]>; tom petch <[email protected]>; yangpenglin <[email protected]>; Susan Hares <[email protected]>; DIEGO LOPEZ GARCIA <[email protected]>
Subject: [I2nsf] Request for Comments, Interest and Support in I2NSF Re-Chartering

Hi I2NSF WG,

As you know, our I2NSF WG will discuss the I2NSF Re-Chartering at IETF-113 I2NSF WG Session today. I attach the text of the re-chartering as pdf and txt files.

Our five core I2NSF YANG data model drafts are almost completed.

------------------------------------------------------------------------------------
1. Capability YANG Data Model
   https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-capability-data-model-27
2. NSF-Facing Interface YANG Data Model
   https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interface-dm-22
3. Monitoring Interface YANG Data Model
   https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-monitoring-data-model-16
4. Consumer-Facing Interface YANG Data Model
   https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-consumer-facing-interface-dm-17
5. Registration Interface YANG Data Model
   https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-registration-interface-dm-15
------------------------------------------------------------------------------------

The three of them (i.e., 1, 2, and 3) got the feedback of the IESG and the revisions have been sent to the IESG reviewers. The remaining two (i.e., 4, 5) are well-synchronized with the others.

I will present the updates of them at today's I2NSF WG. I attach the slides for them for your easy checking.

Our AD Roman has concerns about the low energy of our I2NSF WG for the new work items in the I2NSF Re-chartering.

Could you speak up your voice about your comments, interest, and support of our I2NSF Re-Chartering?

See you online at IETF-113 I2NSF WG Session today.

Thanks.

Best Regards,
Paul

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department Head
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: [email protected], [email protected]
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
