Re: [I2nsf] Request for Online Meeting for I2NSF WG Rechartering

pwd=RHpTUWpMVE42VFkzV1RWd0F5ZXRxZz09> Linda & Yoav > On 18 Nov 2020, at 14:02, Yoav Nir wrote: > > Hi. > > I\ve set a Zoom meeting for December 3rd. The link is below: > https://Dell.zoom.us/j/97095207458?pwd=RHpTUWpMVE42VFkzV1RWd0F5ZXRxZz09 > <http

Re: [I2nsf] Request for Online Meeting for I2NSF WG Rechartering

support for this proposed new work.  Ideally, there were would be excitement and willingness to implement from beyond the current set of authors on the inflight documents. Regards,Roman   From: I2nsf <i2nsf-boun...@ietf.org> On Behalf Of Mr. Jaehoon Paul Jeong Sent: Wednesday, November 11, 2

Re: [I2nsf] I2NSF Re-chartering Text

work > items > other than the authors of the current I2NSF WG and individual drafts. > With those people, I hope our I2NSF WG can have more energy. :) > > Thanks. > > Best Regards, > Paul > > On Mon, Nov 16, 2020 at 1:59 AM Yoav Nir <mailto:ynir.i...@gmail.com>

Re: [I2nsf] I2NSF Re-chartering Text

Hi, Paul As Roman said in a separate email message, we can’t schedule a meeting during IETF week. It also requires two weeks notice, so it anyway can only be done on the week of the 29th / first week of December. That’s not a bad thing: it will give people enough time to read the charter and f

Re: [I2nsf] [IPsec] [Last-Call] New Version Notification for draft-ietf-i2nsf-sdn-ipsec-flow-protection-11.txt

> On 31 Oct 2020, at 15:12, tom petch wrote: > > On 30/10/2020 22:42, Tero Kivinen wrote: >> Roman Danyliw writes: >> It seems to me that the IANA entries for IKEv2 are incomplete. >> RFC8247 does a fine job of specifying algorithms and adding >> information such as status (MUST/SHO

[I2nsf] Publication has been requested for draft-ietf-i2nsf-sdn-ipsec-flow-protection-07

Yoav Nir has requested publication of draft-ietf-i2nsf-sdn-ipsec-flow-protection-07 as Proposed Standard on behalf of the I2NSF working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-i2nsf-sdn-ipsec-flow-prote

[I2nsf] Publication has been requested for draft-ietf-i2nsf-capability-05

Yoav Nir has requested publication of draft-ietf-i2nsf-capability-05 as Proposed Standard on behalf of the I2NSF working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-i2nsf-capability/ ___ I2nsf mailing

[I2nsf] Fwd: New Version Notification for draft-nir-i2nsf-ipsec-dc-prof-00.txt

t > Date: 23 July 2019 at 23:25:52 GMT-4 > To: "Yoav Nir" > > > A new version of I-D, draft-nir-i2nsf-ipsec-dc-prof-00.txt > has been successfully submitted by Yoav Nir and posted to the > IETF repository. > > Name: draft-nir-i2nsf-ipsec-dc-prof > Re

Re: [I2nsf] I-D Action: draft-ietf-i2nsf-sdn-ipsec-flow-protection-05.txt

uld > act in this situation to ensure that the consistence of the > network is preserved despite all the possible delays etc. > > Regards, > Valery. > > > From: Rafa Marin Lopez > Sent: Monday, July 22, 2019 6:11 PM > To: Valery Smyslov > Cc: Rafa Marin Lopez ;

Re: [I2nsf] I-D Action: draft-ietf-i2nsf-sdn-ipsec-flow-protection-05.txt

Hi, Valery [no hats] Thanks for that. I think this demonstrates that the current document is not enough and we will need some follow-up documents explaining when to use either case. I don’t think it’s very useful for the controller to distribute a policy (SPD entries) but no SAs (SAD entries)

Re: [I2nsf] I-D Action: draft-ietf-i2nsf-sdn-ipsec-flow-protection-05.txt

Thanks for getting this done and published. We will wait with requesting publication until the I2NSF session next week. Between now and then, please re-read the draft and send a message to the list is something is seriously wrong. Barring any such shouting, we will request publication right af

Re: [I2nsf] IPR Statements about I2NSF documents

o chime in. We will raise this issue one more time at the meeting, just to make sure everyone has been heard from. Thanks, Linda & Yoav > On 6 Jun 2019, at 20:27, Yoav Nir wrote: > > Hi > > Yesterday we got 5 IPR statements ([1], [2], [3], [4], [5]) related to the >

[I2nsf] IPR Statements about I2NSF documents

Hi Yesterday we got 5 IPR statements ([1], [2], [3], [4], [5]) related to the following drafts respectively: draft-ietf-i2nsf-nsf-facing-interface-dm draft-ietf-i2nsf-nsf-monitoring-data-model draft-ietf-i2nsf-capability-data-model draft-ietf-i2nsf-registration-interface-dm draft-ietf-i2nsf-cons

Re: [I2nsf] WGLC and IPR poll for draft-ietf-i2nsf-capability-data-model

There’s a bunch of disclosures with those terms. We’ll start a thread about this later today. > On 6 Jun 2019, at 6:53, Paul Wouters wrote: > > > On Jun 5, 2019, at 23:05, Mr. Jaehoon Paul Jeong > wrote: > >> Hi Linda and Yoav, >> As a coauthor, I am aware of

Re: [I2nsf] [yang-doctors] Need YANG Doctor reviewing the YANG module of draft-ietf-i2nsf-sdn-ipsec-flow-protection which I2NSF is about to call WGLC

description “The acceptable numbers are defined in IANA > Registry - Internet Key Exchange Version 2 (IKEv2) Parameters - IKEv2 > Transform Type 1 - Encryption Algorithm Transform IDs"; > } > > Is this reasonable? > > >> El 5 abr 2019, a las 20:13

Re: [I2nsf] [yang-doctors] Need YANG Doctor reviewing the YANG module of draft-ietf-i2nsf-sdn-ipsec-flow-protection which I2NSF is about to call WGLC

At this point I’m wondering if it would not be a better strategy to avoid all enumerations of algorithms, whether they are spelled out or imported from draft-ietf-netconf-crypto-types, and instead use the numbers from the IANA registry for IPsec. That does not help us deprecate old algorithms,

Re: [I2nsf] [IPsec] Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-03 (Section 1)

A couple of remarks (with no hats) If we’re bikeshedding the names, I think the difference is that in one case the two NSFs generate traffic keys between themselves, and in the other it is the controller that generates the keys for them. So how about “distributed keying” vs “centralized keying

Re: [I2nsf] Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-03

> On 20 Nov 2018, at 17:14, Paul Wouters wrote: > > On Mon, 19 Nov 2018, Rafa Marin Lopez wrote: > >>> Based on the introduction and abstract of the draft, this document does two >>> things: >>> >>> 1) Specify a yang model for use with SDWAN + IKE + IPsec >>> 2) Define the desired modes and

Re: [I2nsf] Reviewing sdn-ipsec-flow-protection

Thanks, Rafa. Just one response below. > On 14 Nov 2018, at 11:30, Rafa Marin-Lopez wrote: > > Hi Yoav: > >> El 8 nov 2018, a las 17:11, Yoav Nir > <mailto:ynir.i...@gmail.com>> escribió: >> >> Hi, all >> >> As discussed in the r

[I2nsf] Reviewing sdn-ipsec-flow-protection

Hi, all As discussed in the room, we need some reviewers for the sdn-ipsec-flow-protection draft ([1]) While any comments on any part of the document are welcome, I would like people to concentrate on the following issues: The YANG model in Appendix A Some of the crypto seems obsolete (example:

Re: [I2nsf] [IPsec] How about simplified IKE? RE: IPsec Flow Protection @I2NSF

> On 17 Jul 2018, at 11:38, Rafa Marin-Lopez wrote: > Regarding the question about smart objects, I do not understand why a > constrained device cannot be a flow-based NSF. > I don’t think IOT devices are going to be NSFs. There is no hard definition for what a smart object is, but som

Re: [I2nsf] How about simplified IKE? RE: [IPsec] IPsec Flow Protection @I2NSF

opinion? Issues? > > Linda Dunbar > >   <> > From: IPsec [mailto:ipsec-boun...@ietf.org <mailto:ipsec-boun...@ietf.org>] > On Behalf Of Yoav Nir > Sent: Monday, July 16, 2018 3:11 PM > To: IPsecME WG mailto:ip...@ietf.org>> > Subject: [IPsec] IPsec Flow P

Re: [I2nsf] WG Adoption call for draft-hares-i2nsf-capability-data-model-07

Thanks to all who replied. The response was overwhelmingly positive, so we judge that there is consensus for adoption. Standard question for draft authors: Are you all willing to continue editing this document? We will assume the answer is yes; please reply to the list or to the chairs priva

Re: [I2nsf] Calling for IETF101 I2NSF WG session agenda request. If you need remote presentations, please let us know as soon as possible

Hi, Paul That’s a total of 75 minutes, 70 of them for various drafts. So what is the intent here? Last time we had a whole bunch of presentations that were pretty much a primer on what this draft is about. Working group sessions are supposed to be about discussion, and the attendees are assume

Re: [I2nsf] WG Adoption call for https://tools.ietf.org/html/draft-kim-i2nsf-nsf-facing-interface-data-model-04

hanks. > > Best Regards, > Paul > > > On Fri, Feb 16, 2018 at 4:14 AM, Yoav Nir <mailto:ynir.i...@gmail.com>> wrote: > Thanks to all who participated. > > We believe that there is rough consensus to adopt this document as a starting > point for the gro

Re: [I2nsf] WG Adoption call for https://tools.ietf.org/html/draft-kim-i2nsf-nsf-facing-interface-data-model-04

Thanks to all who participated. We believe that there is rough consensus to adopt this document as a starting point for the group to work on. Authors, please resubmit this document as a working group document with the name draft-ietf-i2nsf-nsf-facing-interface-dm-00. Yoav (on behalf of the WG

Re: [I2nsf] WG Adoption call for https://tools.ietf.org/html/draft-jeong-i2nsf-consumer-facing-interface-dm-04

Thanks to all who participated. We believe that there is rough consensus to adopt this document as a starting point for the group to work on. Authors, please resubmit this document as a working group document with the name draft-ietf-i2nsf-consumer-facing-interface-dm-00. Yoav (on behalf of th

Re: [I2nsf] draft-ietf-i2nsf-sdn-ipsec-flow-protection

Thanks, Benoit. Authors: Please change this in your working copy so that we can get it right in the next revision (-01) Something like: file "ietf-ip...@2018-01-08.yang” or file "ietf-ip...@2017-10-28.yang" It’s also fine to make the date earlier if you

Re: [I2nsf] Document Action: 'Framework for Interface to Network Security Functions' to Informational RFC (draft-ietf-i2nsf-framework-10.txt)

> This framework is not directly implementable, but it underpins the work > of the working group. At least one vendor is building a system based on > the work of the working group and following this framework as an > architecture. There has also been experimentation at IETF hackat

Re: [I2nsf] Can you please send the slides for the i2nsf registration IM/DM drafts for today’s meeting

Thanks. Uploading... > On 14 Nov 2017, at 10:34, Sangwon Hyun wrote: > > Hi Linda, > > Here are the slides from the SKKU group. > > One thing to note is that our I2NSF Hackathon Project was awarded the Best > Student Project. > > Thanks for your coordination. > > Best Regards, > Sangwon >

Re: [I2nsf] Request for WG Adoption Call for I2NSF Data Model Drafts

Hi, John > On 2 Nov 2017, at 7:08, John Strassner wrote: > Second, my worry is that draft-kumar is not ready. It is not an information > model; rather, it is (at best) requirements that could be turned into an > information model. In addition, it needs to be integrated with the existing > c

Re: [I2nsf] I-D Action: draft-ietf-i2nsf-sdn-ipsec-flow-protection-00.txt

And now it is. > On 29 Oct 2017, at 7:09, Paul Wouters wrote: > > On Sat, 28 Oct 2017, internet-dra...@ietf.org wrote: > >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Interface to Network Security Functions WG >> of t

[I2nsf] Virtual Interim Meeting - Starting Now!!!

In case you missed the timezone conversion. ___ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf

Re: [I2nsf] Call for adoption of draft-abad-i2nsf-sdn-ipsec-flow-protection

On 15 Sep 2017, at 11:09, Yoav Nir wrote: > > Hi all > > This starts a two-week call for adoption of > draft-abad-i2nsf-sdn-ipsec-flow-protection. Please send in your comments both > for and against adopting this as a working group document by EOD Monday, > October 2nd.

Re: [I2nsf] [IPsec] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is.

Hi, Paul > On 19 Sep 2017, at 1:31, Paul Wouters wrote: > > On Mon, 18 Sep 2017, Linda Dunbar wrote: > >> If we need to use IPsec tunnels to connect a group of CPE devices, (as shown >> in the figure I sent earlier), do you still need DNS? Or the Key >> management will be managed by the "Zero

[I2nsf] Call for adoption of draft-abad-i2nsf-sdn-ipsec-flow-protection

Hi all This starts a two-week call for adoption of draft-abad-i2nsf-sdn-ipsec-flow-protection. Please send in your comments both for and against adopting this as a working group document by EOD Monday, October 2nd. As always, adoption by the working group does not require consensus on the det

Re: [I2nsf] your example (like Gap) about IPSec VPN gateway deployed in shopping mall not aware of where the controller is.

Hi, Linda The reason I brought up the Gap was because they described their network in a Packet Pusher’s episode ([1]). And the solution for them was some vendor’s SD-WAN solution. As far as I can tell, each vendor’s SD-WAN solution is proprietary and non-interoperable with other vendors’ SD-WA

Re: [I2nsf] interim tomorrow

And now it is Sent from my Windows 10 phone From: Yoav Nir Sent: Wednesday, September 6, 2017 7:54 To: Michael Richardson Cc: i2nsf@ietf.org; ipsec-cha...@ietf.org Subject: Re: [I2nsf] interim tomorrow It can and it will. Later today… > On 6 Sep 2017, at 4:46, Michael Richardson wr

Re: [I2nsf] interim tomorrow

It can and it will. Later today… > On 6 Sep 2017, at 4:46, Michael Richardson wrote: > > Maybe I should ask the i2nsf chairs instead. > > Michael Richardson wrote: >> Could the agenda, which the IETF calendar links to at: >> https://datatracker.ietf.org/meeting/interim-2017-i2nsf-01/materials

[I2nsf] I2NSF Virtual Interim meeting on IPsec and draft-abad [Doodle]

PRODID:-//Apple Inc.//Mac OS X 10.12.6//EN BEGIN:VEVENT TRANSP:OPAQUE DTEND:20170906T173000Z ORGANIZER;SCHEDULE-AGENT=CLIENT:MAILTO:mai...@doodle.com UID:1504713602039394...@doodle.biz DTSTAMP:20170808T210655Z LOCATION:It's virtual DESCRIPTION:Initiated by Yoav Nir\nThe I2NSF meeting in Pragu

Re: [I2nsf] Is there any objection of merging the content from draft-ietf-i2nsf-terminology to draft-ietf-i2nsf-framework draft?

ail really is only > for context and to help you understand how we got to where we are. > > Cheers, > Adrian > > > -Original Message- > > From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Kathleen Moriarty > > Sent: 02 August 2017 20:17 > > To:

Re: [I2nsf] I2NSF Virtual Interim meeting on IPsec and draft-abad

Sorry for the confusion, but it turns out that some key people can’t make it in August. I’ve updated the poll with dates in September. Thanks > On 28 Jul 2017, at 13:02, Yoav Nir wrote: > > Hi folks. > > This message is cross-posted to both the IPsec list and the i2nsf list.

[I2nsf] I2NSF Virtual Interim meeting on IPsec and draft-abad

Hi folks. This message is cross-posted to both the IPsec list and the i2nsf list. During the F2F meeting in Prague it was apparent that there is a disconnect between the SDN people and the VPN people. ISTM that the best way to solve this is to hold a virtual interim meeting for longer than the

Re: [I2nsf] [IPsec] draft-abad-i2nsf-sdn-ipsec-flow-protection

> On 20 Jul 2017, at 9:56, Valery Smyslov wrote: > > Hi Gabriel, > > I think that at this point the discussion is not very productive. > I admit that I’m not very familiar with SDNs, so I have to > blindly trust you when you state that the SDN Controller > knows everything and is able to contro

Re: [I2nsf] [IPsec] draft-abad-i2nsf-sdn-ipsec-flow-protection

:34, Yaron Sheffer wrote: > > On 18/07/17 17:14, Yoav Nir wrote: >> I mostly agree, but one point… >> >>> On 18 Jul 2017, at 17:06, Tero Kivinen wrote: >> >> >>> This I think is important question, i.e., what is the gain for not >>> running

Re: [I2nsf] [IPsec] draft-abad-i2nsf-sdn-ipsec-flow-protection

I mostly agree, but one point… > On 18 Jul 2017, at 17:06, Tero Kivinen wrote: > This I think is important question, i.e., what is the gain for not > running IKEv2 between the nodes? > Simpler gateway, less code, no PK operations, no need for random number generator. The counter-argument i

Re: [I2nsf] Aid from Yaov

Sorry. Just saw your mail. Corrected. > On 18 Jul 2017, at 15:00, Susan Hares wrote: > > Yaov: > > As scribe, I did not hear all of what you said in order to record it for the > I2NSF notes. Please look at the notes in the etherpad and add some of your > comments. > http://etherpad.tools.ie

Re: [I2nsf] sharing key among multiple end points vs. Group Encryption Key - draft-abad-i2nsf-sdn-ipsec-flow-protectio

Hi, Linda > On 21 Apr 2017, at 0:40, Linda Dunbar wrote: > > Yoav, > > You said that it is a bad idea to have "sharing key among multiple points" as > introduced by draft-abad-i2nsf-sdn-ipsec-flow-protection. > > Isn't the "Group Encryption Key" of having a "Key Server" distributing the > ke

Re: [I2nsf] draft-abad-i2nsf-sdn-ipsec-flow-protection and SD-WAN

Hi, Dave. On 22 Jul 2016, at 1:02 PM, David Carrel wrote: > I am quite interested in the notion of integrating IKE (or IKE-like) security > and functionality into the SD-WAN controller messaging. My company does this > now, though not in a standard way. All IPSEC key management comes from th

[I2nsf] draft-abad-i2nsf-sdn-ipsec-flow-protection and SD-WAN

Hi In addition to what we said at the meeting, I’d like to mention that what the draft is proposing seems to be a subset of what SD-WAN vendors are doing. I apologize in advance for using the terms NSF and SD-WAN gateway interchangeably. For those not familiar, Wikipedia has a so-so article abo