Dear Rafa,

Thanks for pointing us to this draft. We now have a better understanding of how the i2nsf WG would likely address the dynamic key distribution requirements.

We, on the other hand, are in the process of defining the control plane architecture to be integrated with SDN Controllers, focusing on automated registration, certificate issuance and dynamic trust establishment between gateways/SFs positioned across different security domains. These will be the precursory requirements for dynamic key distribution, if Gateways/SFs don’t already share the trust relationship. Thus, we don’t see any overlap per se between what we are working on and this particular work, but these are certainly adjacent to each other. We’ll perhaps request your review once we are done with our part, and incorporate your comments, if you have any.

If you would like to take a look at the current version of our draft, you can find it here – https://datatracker.ietf.org/doc/draft-chattopadhyay-sdnrg-multi-party-sdn-trust/.

Thanks again for your kind response.

Warm Regards,
Saurabh

From: Rafa Marin-Lopez [mailto:[email protected]]
Sent: Tuesday, November 22, 2016 11:29 PM
To: Saurabh Chattopadhyay - ERS, HCL Tech <[email protected]>
Cc: Rafa Marin-Lopez <[email protected]>; [email protected]; [email protected]; King, Daniel <[email protected]>; Liushucheng (Will) <[email protected]>; Kaushik Datta - ERS, HCL Tech <[email protected]>; Kohei Shiomoto <[email protected]>; Gabriel Lopez Millan <[email protected]>; Sowmini Varadhan <[email protected]>
Subject: Re: [I2nsf] Queries on i2nsf's intended coverage over multi-domain opsec automated provisioning

Dear Saurabh:

Regarding your comment about “a dynamic key distribution mechanism to NSFs”, we would like to point you to our work regarding an SDN-based IPsec Key management, where key distribution is performed to establish IPsec security associations. We also consider the case of having two (or multiple) SDN controllers. See Section 10.2. Gateway-to-gateway under different SDN controllers. Here, an interface between SDN controllers will be required.
Although it is focused on IPsec, other security associations may be considered in the future. Is this related to what you had in mind?

Best Regards.

On 18 Nov 2016, at 7:57, Saurabh Chattopadhyay - ERS, HCL Tech <[email protected]> wrote:

Dear Authors,

My co-author and I are currently working in the area of SDN & NFV operation security, and developing a draft in the SDN Research Group. We wanted to understand from you certain aspects of the i2nsf problem statement and its intended coverage, thus writing this mail.

From the draft (draft-ietf-i2nsf-problem-and-use-cases-04), we understood that you have acknowledged the challenges associated with scenarios where NSFs are present in heterogeneous administrative domains, and also have considered developing a dynamic key distribution mechanism to NSFs. In this context, we have the following queries –

• In certain scenarios, dynamic key distribution appears to be a requirement for endpoints and other (non-security) functions as well. Do you intend to develop the mechanism in a generic fashion that can be leveraged by other entities as well?
• Especially for multi-domain scenarios, dynamic key distribution may need to comply with some precursory requirements; these are mostly around setting up inter-domain trust and certificate chaining. Do you consider these to be pre-provisioned, before the i2nsf specified mechanism starts off?

We’ll look forward to your response on this.

Warm Regards,
Saurabh

_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf

-------------------------------------------------------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151
e-mail: [email protected]
-------------------------------------------------------
