Hi Linda,

On Tue, Apr 5, 2022 at 3:22 AM Linda Dunbar <[email protected]>
wrote:

> Paul,
>
>
>
> IESG doesn’t like fancy acronyms, mentioning Block chain without
> describing the  additional features won’t go very far.
>
>
>
> Suggest to have a narrower scoped work proposal, so that it is more likely
> to get IESG approval.
>
>
>
> Comments to your suggested work items for I2NSF Rechartering are inserted
> below:
>
>
>
>
>
> *From:* Mr. Jaehoon Paul Jeong <[email protected]>
> *Sent:* Friday, April 1, 2022 2:51 AM
> *To:* Linda Dunbar <[email protected]>
> *Cc:* [email protected]; Roman Danyliw <[email protected]>; Yoav Nir <
> [email protected]>; tom petch <[email protected]>; Susan Hares <
> [email protected]>; DIEGO LOPEZ GARCIA <[email protected]>;
> JungSoo Park <[email protected]>; Yunchul Choi <[email protected]>; Patrick
> Lingga <[email protected]>; Jeong Hyeon Kim <
> [email protected]>; Younghan Kim <[email protected]>; Panwei
> (William) <[email protected]>; Henk Birkholz <
> [email protected]>; yangpenglin <[email protected]>;
> Kyoungjae Sun <[email protected]>; Hyunsik Yang <[email protected]>;
> skku-iotlab-members <[email protected]>; Mr. Jaehoon
> Paul Jeong <[email protected]>
> *Subject:* Re: Narrowing down the scope of work for the I2NSF
> Re-Chartering
>
>
>
> Hi Linda and Yoav,
>
> I would say that the theme of this I2NSF Re-Chartering is "Security
> Management Automation".
> This theme is based on 7-year I2NSF standardization and hackathon projects
> with our I2NSF WG colleagues.
>
> May I suggest three more work items in addition to your proposed work
> items?
>
> The following three work items can be handled with focus along with the
> CCed I2NSF WG colleagues
>
> as coauthors and contributors:
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
> 1. Security Service Management through Leveraging I2NSF Framework and
> Interfaces
> - Main Contents
>  . An Extension of I2NSF Framework for Intelligent Security Management
> Automation
>  . Distributed Auditing Services for Supply Chain Attacks and Insider
> Attacks by Distributed Ledger Technology (DLT) and Remote Attestation
>  . Support of Containers for I2NSF in Cloud Native Systems
>  . Support of Other Contemporary Technologies for I2NSF such as Quantum
> Key Distribution (QKD) and Post Quantum Cryptography (PQC)
>
> [Linda] The above items should be already covered by the existing I2NSF
> Charter, except I don’t know what additional features required by QKD and
> PQC to NSF or Consumer facing interfaces.
>
>

  => [Paul] A certain level of security management automation (e.g.,
       enforcement of a high-level security policy from I2NSF User to an NSF)
       is mentioned in the current I2NSF charter, and is fulfilled by the
       five I2NSF YANG data models.
       However, the full level of security management automation can be
       completed by adding the feedback-control-loop to augment security
       policies through NSF monitoring data collection, the analysis of those
       monitoring data, and the delivery of feedback information to Security
       Controller.
       Refer to Figure 1 and Section 3 in
       https://datatracker.ietf.org/doc/html/draft-jeong-i2nsf-security-management-automation-03
       for the detailed explanation of the extension of the I2NSF framework.

  => [Paul] For QKD and PQC, we need to extend the NSF-Facing Interface for
the exchange of parameters for quantum computing-based security
       rather than the Consumer-Facing Interface. This is because the I2NSF
User just specifies a high-level security policy to the Security
Controller, and
       the Security Controller needs to translate it into a low-level
security policy along with the detailed handling of QKD and PQC.

>
> 2. I2NSF Application Interface YANG Data Model
> - Main Contents
>  . A New I2NSF Interface for Feedback-control-loop-based Security
> Management Automation
>
>  . Support of Feedback Information Delivery from I2NSF (Data) Analyzer to
> Security Controller for Security Policy Augmentation and Generation
>
 => [Paul] In Figure 1 in the above I-D, the feedback-loop-based security
management requires a new interface called Application Interface.
       This interface delivers feedback information (or policy
reconfiguration) with an NSF name, a problem description and a possible
solution to
       either Security Controller or I2NSF User rather than a high-level
security policy delivered from the I2NSF User to the Security Controller via
       the Consumer-Facing Interface.
       Either the Security Controller or the I2NSF User needs to evaluate
whether the suggested solution in the feedback information is good for
       the reported problem or not. After this evaluation, one of them can
update the current high-level security policy or generate a high-level
       security policy for a low-level security policy.


> 3. Guidelines to Security Policy Translation for I2NSF-Based Security
> Enforcement
>
> - Main Contents
>  . A Relation between I2NSF Consumer-Facing Interface and NSF
> Facing-Interface
>  . Handling of Default Actions for a High-level Security Policy to be
> translated to a Low-level Security Policy
>  . Population of Information for Security Policy Translation (e.g.,
> mapping of IP addresses for users and devices)
>  . Implementation Guidelines for Security Policy Translator (will be put
> as Appendix rather than main text)
>
> [Linda] I can see this being the potential work item for the rechartering.
>
  => [Paul]  Thanks. Actually, this security policy translation needs to
include the following translations:
       -  Policy Translation between the Consumer-Facing Interface and the
NSF-Facing Interface
       -  Policy Translation between the Application Interface and the
Consumer-Facing Interface (or NSF-Facing Interface)

      Thanks.

      Best Regards,
      Paul


>
> Linda
>
>
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> As you know, my SKKU team with ETRI demonstrated the feasibility of those
> three work items through the past I2NSF Projects.
>
> For the 1st work item, this provides autonomous security management
> services to minimize human engagement for security services.
>
> The I2NSF extension for this autonomous security management is explained
> by my new I2NSF I-D:
>
> https://datatracker.ietf.org/doc/html/draft-jeong-i2nsf-security-management-automation-03
>
> As a use case, a new outside (or inside) security attack is detected and
> blocked by an I2NSF system.
>
> For this, an NSF reports monitoring data of a suspicious activity to an
> I2NSF Analyzer (as a new component which is
>
> a data collector and a data analyzer with machine learning), which is
> defined in the above I-D.
>
> The I2NSF Analyzer analyzes the monitoring data and diagnoses what is a
> problem or security attack.
> The I2NSF Analyzer makes a feedback report to a Security Controller so
> that the Security Controller can augment
>
> its existing security policy or generate a new security policy to cope
> with the problem or security attack.
>
> The involved security functions include the following steps:
> 1. The monitoring data delivery from an NSF to an I2NSF Analyzer,
> 2. The analysis of the monitoring data at the I2NSF Analyzer,
> 3. The construction of a feedback report by the I2NSF Analyzer,
> 4. The delivery of the feedback report from the I2NSF Analyzer to the
> Security Controller,
> 5. The interpretation/translation of the feedback report at the Security
> Controller, and
>
> the augmentation of an existing security policy (or the generation of a
> new security policy) by the Security Controller, and
> 6. The delivery of the augmented (or generated) security policy to an
> appropriate NSF.
>
> These steps are explained in the above I-D. I have explained them in the
> presentation of I2NSF Re-chartering slides
>
> during the IETF-113 I2NSF WG Session.
>
> For the support of the containers for I2NSF NSFs, the interface to
> security functions on Container will be the same
>
> with that to the security functions on VM.
> However, the operation and management of I2NSF in container deployment can
> be specified in the document.
> Here is my I2NSF I-D for Cloud Native Systems for your reference:
>
>
> https://datatracker.ietf.org/doc/html/draft-yang-i2nsf-nfv-architecture-07#page-11
>
>
> I CC Dr. Kyoungjae Sun and Dr. Hyunsik Yang as the authors of this I-D for
> the Cloud Native Systems for I2NSF
>
> since they are experts in this domain.
>
> For the support of Other Contemporary Technologies, "Quantum Key" can be
> distributed to NSFs through Security Controllers.
> The work of RFC 9061 (A YANG Data Model for IPsec Flow Protection Based on
> Software-Defined Networking (SDN))
>
> can be extended for this key distribution.
>
> For the 2nd work item, I2NSF Application Interface delivers a feedback
> report containing feedback information as
>
> a high-level policy to describe a problem or security attack rather than
> monitoring data.
> The Application Interface is a newly defined interface from I2NSF Analyzer
> to Security Controller,
>
> so it is different from the Monitoring Interface.
> You can refer to my I2NSF I-D for the Application Interface:
>
> https://datatracker.ietf.org/doc/html/draft-lingga-i2nsf-application-interface-dm-02
>
> For the 3rd work item, the guidelines for security policy translation are
> specified in terms of the mapping of interfaces,
>
> default action handling, the population of translation information (e.g.,
> mapping of user group (or device group) and
>
> their IP addresses), the procedures of the security policy translation
> rather than translation algorithm itself.
>
> You can refer to my I2NSF I-D for the Security Policy Translation:
>
> https://datatracker.ietf.org/doc/html/draft-yang-i2nsf-security-policy-translation-10
>
>
>
> If you have questions and comments, let me know.
>
> Thanks.
>
> Best Regards,
> Paul
>
>
>
> On Thu, Mar 31, 2022 at 2:10 AM Linda Dunbar <[email protected]>
> wrote:
>
> I2NSF Rechartering Proponents,
>
>
>
> I re-read all the emails exchanged about I2NSF Re-Chartering plus the
> discussion minutes at IETF113, I concluded the 2 key points:
>
>    - The proposed Rechartered work is too broad, the scope of work is too
>    wide,
>    - We don’t have enough people and expertise to cover all the proposed
>    work.
>
>
>
> Therefore I would like to suggest prioritizing the work items based on
> available expertise, and choose the highest 3~4 work items for the I2NSF
> rechartering.
>
>
>
> With the current available expertise among the I2NSF participants, we can
> confidently tackle the following work items. Therefore I think they should
> be high on the priority list of the rechartering.
>
>
>
>    - Work around the remote attestation of NSF in I2NSF architecture,
>    including the YANG Data Model.
>    - Add the support of recently developed protocols such as QUIC and HTTP/3.
>    - Develop the YANG module of IPsec policies to functions embedded in
>    nodes running BGP.
>
>
>
> For the proposed work item of the Interface to the Data Analysis Entities,
> I am wondering if the work is similar to the
> draft-ietf-i2nsf-nsf-monitoring-data-model?
>
>
>
> For the proposed work item of “controlling container deployments in Cloud
> Native NFV architecture”, I am not sure how different between the
> “Interface to NSF” vs. the “interface to Container”.
>
>
>
> Can you please chime in to express your opinion?
>
>
>
> Thank you
>
> Linda
>
>
>
> *From:* I2nsf <[email protected]> *On Behalf Of *Mr. Jaehoon Paul
> Jeong
> *Sent:* Thursday, March 24, 2022 2:38 AM
> *To:* [email protected]
> *Cc:* Roman Danyliw <[email protected]>; Panwei (William) <
> [email protected]>; Henk Birkholz <[email protected]>;
> tom petch <[email protected]>; yangpenglin <
> [email protected]>; Susan Hares <[email protected]>; DIEGO LOPEZ
> GARCIA <[email protected]>
> *Subject:* [I2nsf] Request for Comments, Interest and Support in I2NSF
> Re-Chartering
>
>
>
> Hi I2NSF WG,
>
> As you know, our I2NSF WG will discuss the I2NSF Re-Chartering
>
> at IETF-113 I2NSF WG Session today.
>
>
>
> I attach the text of the re-chartering as pdf and txt files.
>
>
>
> Our five core I2NSF YANG data model drafts are almost completed.
>
>
> ------------------------------------------------------------------------------------
>
> 1. Capability YANG Data Model
>
> https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-capability-data-model-27
>
> 2. NSF-Facing Interface YANG Data Model
>
> https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interface-dm-22
>
> 3. Monitoring Interface YANG Data Model
>
> https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-monitoring-data-model-16
>
> 4. Consumer-Facing Interface YANG Data Model
>
> https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-consumer-facing-interface-dm-17
>
> 5. Registration Interface YANG Data Model
>
> https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-registration-interface-dm-15
>
>
> ------------------------------------------------------------------------------------
>
>
>
> The three of them (i.e., 1, 2, and 3) got the feedback of the IESG and
>
> the revisions have been sent to the IESG reviewers.
>
>
>
> The remaining two (i.e., 4, 5) are well-synchronized with the others.
>
> I will present the updates of them at today's I2NSF WG.
>
> I attach the slides for them for your easy checking.
>
>
>
> Our AD Roman has concerns about the low energy of our I2NSF WG for the new
>
> work items in the I2NSF Re-chartering.
>
>
>
> Could you speak up your voice about your comments, interest, and support
> of our I2NSF Re-Chartering?
>
>
>
> See you online at IETF-113 I2NSF WG Session today.
>
>
>
> Thanks.
>
>
>
> Best Regards,
>
> Paul
> --
>
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Associate Professor
>
> Department Head
> Department of Computer Science and Engineering
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: [email protected], [email protected]
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
>
>
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
