On 8/22/13 6:05 PM, Zhangdacheng (Dacheng) wrote: > Hi, thanks a lot for the comments. I agree that it is reasonable to > allow the VNs of a same tenant to share a group key in order to > secure their communication. I will add this into the new version of > the draft.
I'm generally a fan of group keying but I think it's important to understand that it's not just a plug-and-play replacement for pairwise keying, and that in particular you'll need to pay more attention to authorization issues, as well as give some thought to the implications of sharing certain pieces of data among all members of a group. It may or may not be the right technology to solve a given problem, and any text proposing the use of group keys should be tightly scoped and constrained. I'm somewhat concerned that there's an "ooh, shiny!" thing going on here. Melinda _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
