David and Brian,

In case you missed this email, can you answer those questions?

Thank you very much.

Linda

From: Linda Dunbar
Sent: Monday, August 13, 2018 12:18 PM
To: IPsecME WG <[email protected]>; [email protected]; 'David Carrel (carrel)' <[email protected]>; 'Brian Weis (bew)' <[email protected]>
Subject: questions and comments to drat-carrel-ipsecme-controller-ike-00

David and Brian,

In your draft, you assumed that Devices (e.g. A or B) send their Public key to the Controller. In some SD-WAN deployments, the Controller manages & distributes the "Public key" and "nonce" to each device to achieve Zero Touch Provisioning. Can you update Figure 2 to reflect "Controller" sending "public key to devices"?

Since this document is about Controller managed IKE, can we have a section on recommendations of which attributes of IPsec are suitable to be distributed by the Controller? For example,

- PAD (Peer Authentication Database) can be maintained by the Controller for deployment of devices with constrained resources
- Public key & nonce managed by the Controller

The Rekey process in Section 4 describes some occasions with a device having 2 or 4 SAs for each Peer (Section 4.2). Does it mean the receiving node has to use two different decryption keys? How does the receiving node know which one the sender actually used?

The entire Section 4 description is no different from the scenario of two peers' direct communication (i.e. without the Controller being present), is that correct?

Thank you very much

Linda Dunbar
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
