Dear Saurabh: Regarding your comment about "a dynamic key distribution mechanism to NSFs”, we would like to point you out to our work regarding an SDN-based IPsec Key management, where key distribution is performed to establish IPsec security associations. We also consider the case of having two (or multiple) SDN controllers . See Section 10.2. Gateway-to-gateway under different SDN controllers. Here, an interface between SDN controllers will be required.
Although it is focused on IPsec, other security associations may be considered in the future. Is this related with what you had in mind? Best Regards. > El 18 nov 2016, a las 7:57, Saurabh Chattopadhyay - ERS, HCL Tech > <[email protected]> escribió: > > Dear Authors, > > I and my co-author are currently working on SDN& NFV operation security > related area, and developing a draft in SDN Research Group. We wanted to > understand from you on certain aspects of i2nsf problem statement and its > intended coverage, thus writing this mail. > > From the draft (draft-ietf-i2nsf-problem-and-use-cases-04), we understood > that you have acknowledged the challenges associated to scenarios where NSFs > being present in heterogeneous administrative domains, and also have > considered developing a dynamic key distribution mechanism to NSFs. In this > context, we have the following queries – > > · In certain scenarios, dynamic key distribution appears to be a > requirement for endpoints and other (non-security) functions as well. Do you > intend to develop the mechanism in a generic fashion that can be leveraged by > other entities as well? > · Specially for multi-domain scenarios, dynamic key distribution may > need some pre-cursory requirements to comply with, these are mostly around > setting up inter-domain trust and certificate chaining. Do you consider these > to be pre-provisioned, before the i2nsf specified mechanism starts off? > > We’ll look forward to your response on this. > > Warm Regards, > Saurabh > > > > ::DISCLAIMER:: > ---------------------------------------------------------------------------------------------------------------------------------------------------- > The contents of this e-mail and any attachment(s) are confidential and > intended for the named recipient(s) only. > E-mail transmission is not guaranteed to be secure or error-free as > information could be intercepted, corrupted, > lost, destroyed, arrive late or incomplete, or may contain viruses in > transmission. The e mail and its contents > (with or without referred errors) shall therefore not attach any liability on > the originator or HCL or its affiliates. > Views or opinions, if any, presented in this email are solely those of the > author and may not necessarily reflect the > views or opinions of HCL or its affiliates. Any form of reproduction, > dissemination, copying, disclosure, modification, > distribution and / or publication of this message without the prior written > consent of authorized representative of > HCL is strictly prohibited. If you have received this email in error please > delete it and notify the sender immediately. > Before opening any email and/or attachments, please check them for viruses > and other defects. > ---------------------------------------------------------------------------------------------------------------------------------------------------- > _______________________________________________ > I2nsf mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/i2nsf > <https://www.ietf.org/mailman/listinfo/i2nsf> ------------------------------------------------------- Rafa Marin-Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: [email protected] -------------------------------------------------------
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
