Hi Linda,

This was pushed down my stack by a not-so-unusual combination of urgent assignments. I am trying to get up-to-date with it...

· The automation of security management procedures, considering the integration with general automation and autonomic mechanisms, as defined by the OPS Area

[Linda] This seems a very big area. Are you talking about Best Practices for Security management procedures? Is it possible to carve out a portion related to network security functions?

As in the case of RATS (see below), what we have in mind is to analyze what is going on in the OPS area related to inventory and lifecycle management (see, for example, draft-palmero-opsawg-dmlmo-02 or draft-yg3bp-ccamp-optical-inventory-yang-01) and to service assurance (see draft-ietf-opsawg-service-assurance-architecture-02 as reference) to see how we could align I2NSF proposals, with the idea of making security management converge with these proposals.

· Mechanisms for guiding and verifying policy translation

[Linda] Can you elaborate on what the input and output of the "Policy translation" are, so that we can understand the feasibility?

The input would be high-level policy specifications using a formal (or at least controlled) language, plus information about topology and available NSFs, and the output would be YANG statements focused on the available NSFs. This could be related as well with asset management, as described above, in what relates to the selection of functions.

· The implications for security management of recent developments:

o Remote attestation procedures

[Linda] Is this within the scope of RATS WG? If not, can you explain?

It certainly is. The idea, as above, is to analyze how we can apply RATS mechanisms to improve the management of NSFs.

o Trusted and oblivious execution models

[Linda] Do you mean execution models on the Network Security Functions?

Yes. One of the common concerns about many NSFs is that their way of working interferes with user privacy requirements. The idea here would be to provide means to assess the trust a user decides to put on particular functions, considering the applicability of (totally or partially) oblivious execution of the NSFs.

o Container-based virtualization approaches

[Linda] Do you mean Container-based Network Security Functions?

Yes. We have based our I2NSF model on implicit assumptions about virtualization very much relying on VM. We think container-based approaches need to be considered in detail as well.

Be goode,

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
https://www.linkedin.com/in/dr2lopez/

e-mail: [email protected]
Mobile: +34 682 051 091
----------------------------------

o Quantum-safe crypto (PQC, QKD…)

o Distributed trust and execution infrastructures (along the work of DINRG and COINRG)

· An extended capability model, suitable for the above items

As you can imagine, we very much welcome this document and would be extremely interested in collaborating with you in developing it and the general approach to enhance trust in SFs managed through I2NSF.

Be goode,

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
https://www.linkedin.com/in/dr2lopez/

e-mail: [email protected]
Mobile: +34 682 051 091
----------------------------------

On 02/12/2021, 04:46, "I2nsf on behalf of [email protected]" <[email protected] on behalf of [email protected]> wrote:

Hi everyone,

This is Penglin Yang from China Mobile Research Institute. Recently, we composed a document named trust enhanced I2NSF and submitted it to the I2NSF group. (https://datatracker.ietf.org/doc/draft-yang-i2nsf-trust-enhanced-i2nsf/)

The motivation of this document is trying to use remote attestation technology to augment the security and to enhance the trustworthiness of NSF. In this document we illustrated the architecture of trusted enhanced I2NSF and the relevant interfaces.

We sincerely welcome everyone to comment on this document. And if you are interested, we can work together to promote this idea to a better version.

BR

Penglin Yang
CMCC

________________________________
The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
