Hi, thanks a lot for the comments. I agree that it is reasonable to allow the VNs of the same tenant to share a group key in order to secure their communication. I will add this into the new version of the draft.
Cheers
Dacheng

From: [email protected] [mailto:[email protected]] On Behalf Of Zu Qiang
Sent: Wednesday, August 14, 2013 8:01 PM
To: NVO3
Subject: [nvo3] draft-hartman-nvo3-security-requirements

Hi, Authors

First of all, I do support this draft.

A comment on the CP security section. In order to enforce the security boundary of different VNs in the existence of inside adversaries, the signaling messages belonging to different VNs need to be secured by different keys. This has a requirement that each VN must have a different key. In a large data center, the number of VNs can be huge. Therefore it may be a problem at key management. Of course there is no technology issue when generating that amount of security keys. However, it is going to be hard for key management. So my proposal is that we shall allow a group key to be used for a group of VNs, in order to optimize the key management function.

Best Regards
Zu Qiang
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
