I support the WG adoption because I think the I2RS WG needs it. However, I hope 
the authors can consider/address the following suggestions/comments:

When you think about I2RS security, there are the following different aspects:

- Communication channel between I2RS client and Agent (and the channel
  between I2RS client and applications):
  The channel can be
  o Via physical private network (e.g. within a secured direct connect within
    one site),
  o Within one administrative domain, via virtual private network
  o Secured connection, such as TLS or IPSec
  o Public internet
  o ..

- Authentication & Authorization
  o The authentication & authorization requirements for different
    communication channels can be different. Therefore, there should be
    separate sections to address the specific requirements for each
    communication channel between I2RS agent <-> clients (and client <->
    applications)
  The current Section 4 of the draft already has a very good description of
  the subject. I think 4.4.1 and 4.42 can be separated out of the section.

- Encryption for the actual content between Client and Agent

- DoS Design requirement (currently in Section 5.2.1)

- Management of conflict with other planes (e.g. the management plane,
  multi-headed control, which has been discussed extensively in ephemeral
  draft)

I think the draft should be organized from the aspects of the security to I2RS 
as suggested above.

Here are some detailed questions and comments to the requirements listed in the 
document:

Section 1:
The second paragraph stated the security recommendations must "specifying where 
security functions may be hosted". First of all, I don't see the draft address 
this aspect. Second, I think "where security functions are hosted" is 
orthogonal to "I2RS security".

Section 3:
What does isolating two planes mean? Does it mean they have different security 
requirements/issues? Or does it mean they need different protocols?

What are the key differences with regard to the security requirements for the 
I2RS plane and for the management plane? Section 3.1 describes the interaction 
between the I2RS plane and the management plane. But I see the security 
requirement for the management plane is similar to the I2RS plane. If you think 
that they are very different, can you elaborate more?

Section 3.4 has the title "Recommendations", but the content is all 
requirements. Why not name the section "Requirement"?

REQ 2: Does it that a different IP address than the one used by the management 
system?

How is REQ 22 different from REQ 21?

REQ 27 is hard to enforce. How about saying something like "shouldn't send any 
information beyond what has been defined by the I2RS data model"?

REQ 30: simply controlling the resource can hardly prevent DoS. A malicious 
client can occupy the resource while the valid one can't access it.

Thanks for consideration,
Linda

From: i2rs [mailto:[email protected]] On Behalf Of Susan Hares
Sent: Monday, August 17, 2015 12:50 PM
To: [email protected]
Cc: 'Jeffrey Haas'; [email protected]; 'Joel Halpern'; 
[email protected]; 'Alia Atlas'
Subject: [i2rs] draft-mglt-i2rs-security-requirements-00 2 Week WG adoption 
call (8/17 to 8/31)

This begins a 2 week WG adoption call for 
draft-mglt-i2rs-security-requirements.  This draft discusses the security 
requirements for the I2RS environment.  You can find the draft at:

https://tools.ietf.org/html/draft-mglt-i2rs-security-environment-reqs-00

A security reviewer will review this draft during the time 8/20 to 8/25.   We 
will post the security directorate review to this discussion.

Sue Hares

_______________________________________________
i2rs mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2rs
