Dear Xialiang: We are exploring different alternatives where the controller does not see or know the key material that will finally end in the NSFs.
In the current approach specified in the I-D, both Tx SA and Rx SA will still have different keys (inbound SA will have a different key than the outbound SA). The main discussion is whether it is suitable that a trusted entity such the controller sees the keys used in the inbound and outbound SA in case 2. Do you have any solution in mind? Best Regards. > El 12 jul 2018, a las 3:12, Xialiang (Frank, Network Integration Technology > Research Dept) <[email protected]> escribió: > > Hi authors, > In Section 5.2.1, to avoid exposure of other nodes once one node is > compromised, key materials for each pair must be different and irreversible, > this may cause performance issue with controller with large network during > initial setup and rekey. > > So, to distribute some of the SA key calculation to each device while still > avoiding negotiation latency, the other options is that controller can send > common key material to all NSFs, then NSF calculates actual SA key using the > common key and known local, peer info. This way, both peers can generate Tx > SA and Rx SA without negotiating with each other, also, the keys will be > unique for each tunnel. > > Will you consider this option? > > Thanks! > > B.R. > Frank ------------------------------------------------------- Rafa Marin-Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: [email protected] -------------------------------------------------------
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
