Hi all.

> On 14 Nov 2018, at 10:30, Rafa Marin-Lopez <[email protected]> wrote:
>
> Hi Yoav:
>
>> On 8 Nov 2018, at 17:11, Yoav Nir <[email protected]> wrote:
>>
>> Hi, all
>>
>
>> The interaction between Controller and NSF
>> There’s no way for the controller to retrieve NSF capabilities. What if the
>> NSF does not implement rc5? It’s fine if we say that the Controller knows
>> in advance what the capabilities of each NSF are, but it should be stated.
>
> Agree. Nevertheless, I would say that the most correct way is when the
> controller asks the NSF about capabilities after NSF and controller connect.

Regarding this question, we wonder how the controller knows about the capabilities provided by each IPsec NSF. As Rafa pointed out, one way is that the NSF could provide them by itself during the NSF’s registration process into the controller. Another way is that the controller receives the capabilities for a set of NSFs from an external entity. Following the I2NSF Reference Model in RFC 8329, it is assumed this role is assigned to the “Developer’s Management System”.

In our concrete example where an NSF provides IPsec-based security functions, our understanding is that IPsec capabilities refer to the set of features an IPsec NSF node is able to support. A (non-exhaustive) list is:

- IKE support
- IKEless support
- For IKE case: authentication and encryption algorithms, dh_groups, authentication method, NAT traversal support, etc.
- For IKEless case: authentication, integrity and encryption algorithms, AH support, etc.

We would like to draw attention to IPsec-based NSFs and suggest that the authors of these drafts consider the usage of the capabilities model to inform the security controller about IPsec capabilities.

Thanks in advance and best regards, Gabi.

>
> _______________________________________________
> I2nsf mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/i2nsf

-----------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: [email protected]
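The capability question raised in this thread, as an added example that is not part of the original messages or of the I2NSF drafts: a controller-side pre-check that refuses to configure an IPsec tunnel when an endpoint NSF lacks a requested feature or has no known capabilities. The `IpsecCaps` record, its field names, the request keys, the algorithm labels other than rc5, and the NSF names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IpsecCaps:
    """Hypothetical capability record for one IPsec NSF (not taken from the drafts)."""
    source: str                          # "registration" (NSF reported it) or "dms"
    ike: bool = False                    # IKE case supported
    ikeless: bool = False                # IKE-less case supported
    enc: frozenset = frozenset()         # encryption algorithms
    integ: frozenset = frozenset()       # integrity/authentication algorithms
    dh_groups: frozenset = frozenset()   # only meaningful for the IKE case
    nat_traversal: bool = False
    ah: bool = False

def missing_features(caps, req):
    """List every feature the request needs that this NSF does not advertise."""
    mode, missing = req["mode"], []
    if mode not in ("ike", "ikeless") or not getattr(caps, mode):
        missing.append(f"mode:{mode}")
    if req["enc"] not in caps.enc:
        missing.append(f"enc:{req['enc']}")
    if req["integ"] not in caps.integ:
        missing.append(f"integ:{req['integ']}")
    if mode == "ike" and req.get("dh_group") not in caps.dh_groups:
        missing.append(f"dh_group:{req.get('dh_group')}")
    if req.get("nat_traversal") and not caps.nat_traversal:
        missing.append("nat_traversal")
    if req.get("protocol") == "ah" and not caps.ah:
        missing.append("ah")
    return missing

def check_tunnel(inventory, endpoints, req):
    """Check all endpoints before anything is pushed; unknown NSFs fail closed."""
    problems = {}
    for nsf in endpoints:
        caps = inventory.get(nsf)
        found = ["capabilities unknown"] if caps is None else missing_features(caps, req)
        if found:
            problems[nsf] = found
    return problems

# Constructed inventory: nsf-a registered its own capabilities, nsf-b came from the DMS.
INVENTORY = {
    "nsf-a": IpsecCaps("registration", ike=True, ikeless=True, nat_traversal=True,
                       enc=frozenset({"aes-cbc", "rc5"}),
                       integ=frozenset({"hmac-sha2-256"}), dh_groups=frozenset({14, 19})),
    "nsf-b": IpsecCaps("dms", ikeless=True, enc=frozenset({"aes-cbc"}),
                       integ=frozenset({"hmac-sha2-256"})),
}
```

An empty result from `check_tunnel` means every endpoint advertises what the request needs; any other result names the NSF and the missing features, so the controller can reject the request before touching either node.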
