Hi, Authors
First of all, I do support this draft. A comment on the CP
security section.
In order to enforce the security boundary of different VNs in the
existence of inside adversaries, the signaling messages belonging to
different VNs need to be secured by different keys.
This has a requirement that each VN must have a different key.
In a large data center, the number of VNs can be huge. Therefore it may be a
problem at key management. Of course there is no technology issue when
generating that amount of security keys. However, it is going to be hard for
key management. So my proposal is that we shall allow a group key to be used
for a group of VNs, in order to optimize the key management function.
Best Regards
Zu Qiang