Hi Penglin, I am Paul in charge of I2NSF YANG Data Models such as NSF Capability, Consumer-Facing Interface, NSF-Facing Interface, Monitoring Interface, and Registration Interface.
I have read through your draft about remote NSF attestation interfaces and I became to know that your work is well-assigned to the next step of I2NSF WG for security management automation in the following draft: https://datatracker.ietf.org/doc/draft-jeong-i2nsf-security-management-automation/ The NSF attestation is very important to provide customers with stable and trustworthy I2NSF-based security services. However, we need to clarify the new components of your draft such as Endorser, Verifier/Relying Party, Reference Value Provider, and RoT (Root of Trust). Endorser is defined in https://datatracker.ietf.org/doc/html/draft-ietf-rats-architecture as follows: Endorser: A role performed by an entity (typically a manufacturer) whose Endorsements help Verifiers appraise the authenticity of Evidence. I think Endorse can be part of Developer's Management System (DMS) because DMS is an entity to provide the capability information of its NSF to Security Controller and also a virtualized NSF image as a VNF or container to the I2NSF framework. The overall structure of YANG modules of Trust Enhanced NSF Monitoring Interface and Trust Enhanced Registration interface look good to me. However, we need to make sure that these two new interface data models need to comply with the structure of NSF Monitoring Interface ( https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-monitoring-data-model-12 ) and Registration Interface ( https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-registration-interface-dm-13 ). I have much interest in this work on remote NSF attestation for I2NSF WG and want to contribute to the development of this draft for I2NSF evolution toward security management automation. Thanks. Best Regards, Paul On Thu, Dec 2, 2021 at 12:46 PM [email protected] < [email protected]> wrote: > Hi everyone, > > This is Penglin Yang from China Mobile Research Institute. Recently, we > composed a document named trust enhanced I2NSF and submitted to the I2NSF > group. ( > https://datatracker.ietf.org/doc/draft-yang-i2nsf-trust-enhanced-i2nsf/) > The motivation of this document is trying to use remote attestation > technology to augment the security and to enhance the trustworthiness of > NSF. In this document we illustrated the architecture of trsuted enhanced > I2NSF and the relevant interfaces. > > We sincerely welcome everyone to comment on this document. And if you are > interested, we can work together to promote this idea to a better version. > > BR > Penglin Yang > CMCC > > _______________________________________________ > I2nsf mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/i2nsf >
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
