Dear Rafa, Apologies for the delay, it took me some time to read through the draft. I think there is a good potential to cross leverage our work. I’ll just initiate a separate thread to explore this.
Regards, Saurabh -----Original Message----- From: I2nsf [mailto:[email protected]] On Behalf Of Rafa Marin Lopez Sent: Sunday, November 27, 2016 10:31 PM To: Saurabh Chattopadhyay - ERS, HCL Tech <[email protected]> Cc: Kaushik Datta - ERS, HCL Tech <[email protected]>; [email protected]; Kohei Shiomoto <[email protected]>; Gabriel Lopez Millan <[email protected]>; Liushucheng (Will) <[email protected]>; Rafa Marin Lopez <[email protected]>; Sowmini Varadhan <[email protected]>; King, Daniel <[email protected]>; [email protected] Subject: Re: [I2nsf] Queries on i2nsf's intended coverage over multi-domain opsec automated provisioning Dear Saurabh: Thank you for the clarification and the pointer. Although I haven’t had the opportunity of taking a look to your I-D carefully (I will do it), I have seen that you refer to ABFAB and AAA. Maybe this I-D we wrote a year ago may be of your interest as well, since it is related with AAA infrastructures and the establishment of security associations between AAA agents. https://tools.ietf.org/html/draft-marin-sdnrg-sdn-aaa-mng-00 "This document describes the management of Authentication, Authorization and Accounting (AAA) infraesctrutures by means of a Software-Defined Network (SDN) controller and raises the requirements to support this service. It considers the management of AAA routing and the establishment of security associations between AAA entities.” Best Regards. > El 27 nov 2016, a las 5:36, Saurabh Chattopadhyay - ERS, HCL Tech > <[email protected]> escribió: > > Dear Rafa, > > Thanks for pointing us to this draft. We now have a better understanding on > how i2nsf WG would likely address the dynamic key distribution requirements. > > We, on the other hand, are in the process of defining the control plane > architecture to be integrated with SDN Controllers, focusing on automated > registration, certificate issuance and dynamic trust establishment between > gateways/SFs positioned across different security domains. These will be the > pre-cursory requirements for dynamic key distribution, if Gateways/SFs don’t > already share the trust relationship. Thus, we don’t see any overlap per say > between what we are working on and this particular work, but these are > certainly adjacent to each other. We’ll perhaps request for your review once > we are done with our part, and incorporate your comments, if you would have > any. > If you would like to take a look at the current version of our draft, you can > find it here – > https://datatracker.ietf.org/doc/draft-chattopadhyay-sdnrg-multi-party-sdn-trust/. > > Thanks again for your kind response. > > Warm Regards, > Saurabh > > From: Rafa Marin-Lopez [mailto:[email protected]] > Sent: Tuesday, November 22, 2016 11:29 PM > To: Saurabh Chattopadhyay - ERS, HCL Tech > <[email protected]> > Cc: Rafa Marin-Lopez <[email protected]>; > [email protected]; [email protected]; King, > Daniel <[email protected]>; Liushucheng (Will) > <[email protected]>; Kaushik Datta - ERS, HCL Tech > <[email protected]>; Kohei Shiomoto > <[email protected]>; Gabriel Lopez Millan <[email protected]>; > Sowmini Varadhan <[email protected]> > Subject: Re: [I2nsf] Queries on i2nsf's intended coverage over > multi-domain opsec automated provisioning > > Dear Saurabh: > > Regarding your comment about "a dynamic key distribution mechanism to NSFs”, > we would like to point you out to our work regarding an SDN-based IPsec Key > management, where key distribution is performed to establish IPsec security > associations. We also consider the case of having two (or multiple) SDN > controllers . See Section 10.2. Gateway-to-gateway under different SDN > controllers. Here, an interface between SDN controllers will be required. > > Although it is focused on IPsec, other security associations may be > considered in the future. > > Is this related with what you had in mind? > > Best Regards. > El 18 nov 2016, a las 7:57, Saurabh Chattopadhyay - ERS, HCL Tech > <[email protected]> escribió: > > Dear Authors, > > I and my co-author are currently working on SDN& NFV operation security > related area, and developing a draft in SDN Research Group. We wanted to > understand from you on certain aspects of i2nsf problem statement and its > intended coverage, thus writing this mail. > > From the draft (draft-ietf-i2nsf-problem-and-use-cases-04), we > understood that you have acknowledged the challenges associated to > scenarios where NSFs being present in heterogeneous administrative > domains, and also have considered developing a dynamic key > distribution mechanism to NSFs. In this context, we have the following > queries – > > > · In certain scenarios, dynamic key distribution appears to be a > requirement for endpoints and other (non-security) functions as well. Do you > intend to develop the mechanism in a generic fashion that can be leveraged by > other entities as well? > · Specially for multi-domain scenarios, dynamic key distribution may > need some pre-cursory requirements to comply with, these are mostly around > setting up inter-domain trust and certificate chaining. Do you consider these > to be pre-provisioned, before the i2nsf specified mechanism starts off? > > We’ll look forward to your response on this. > > Warm Regards, > Saurabh > > > > ::DISCLAIMER:: > ---------------------------------------------------------------------- > ---------------------------------------------------------------------- > -------- The contents of this e-mail and any attachment(s) are > confidential and intended for the named recipient(s) only. > E-mail transmission is not guaranteed to be secure or error-free as > information could be intercepted, corrupted, lost, destroyed, arrive > late or incomplete, or may contain viruses in transmission. The e mail and > its contents (with or without referred errors) shall therefore not attach any > liability on the originator or HCL or its affiliates. > Views or opinions, if any, presented in this email are solely those of > the author and may not necessarily reflect the views or opinions of > HCL or its affiliates. Any form of reproduction, dissemination, > copying, disclosure, modification, distribution and / or publication of this > message without the prior written consent of authorized representative of HCL > is strictly prohibited. If you have received this email in error please > delete it and notify the sender immediately. > Before opening any email and/or attachments, please check them for viruses > and other defects. > ---------------------------------------------------------------------- > ---------------------------------------------------------------------- > -------- _______________________________________________ > I2nsf mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/i2nsf > > ------------------------------------------------------- > Rafa Marin-Lopez, PhD > Dept. Information and Communications Engineering (DIIC) Faculty of > Computer Science-University of Murcia > 30100 Murcia - Spain > Telf: +34868888501 Fax: +34868884151 e-mail: [email protected] > ------------------------------------------------------- > > > > > _______________________________________________ > I2nsf mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/i2nsf ------------------------------------------------------- Rafael Marin Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: [email protected] ------------------------------------------------------- _______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf ::DISCLAIMER:: ---------------------------------------------------------------------------------------------------------------------------------------------------- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ---------------------------------------------------------------------------------------------------------------------------------------------------- _______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
