> On 17 Jul 2018, at 11:38, Rafa Marin-Lopez wrote:
> Regarding the question about smart objects, I do not understand why a
> constrained device cannot be a flow-based NSF.
>
I don’t think IOT devices are going to be NSFs. There is no hard definition
for what a smart object is, but
Please send your presentation slides for Wed I2NSF WG session ASAP if you
haven't done so.
Here is the agenda for tomorrow's I2NSF session:
https://datatracker.ietf.org/meeting/102/materials/agenda-102-i2nsf-00
Linda & Yoav
___
I2nsf mailing list
Hi all,
I don’t have the clear observation of how popular the IKEv2 is supported by
most of the OS, my straight thought is something without IKEv2 for simplicity,
light weight implementation and cost saving has its feasibility now and in the
future.
The other point we should consider is the
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Interface to Network Security Functions WG of
the IETF.
Title : Applicability of Interfaces to Network Security
Functions to Network-Based Security Services
Dave,
That would be great! Any suggestions to provide stronger protections are
appreciated.
Thanks, Linda
From: David Carrel (carrel) [mailto:car...@cisco.com]
Sent: Tuesday, July 17, 2018 1:20 PM
To: Linda Dunbar ; Yoav Nir ;
IPsecME WG
Cc: i2nsf@ietf.org
Subject: Re: [I2nsf] How about
Linda,
Brian and I put together a draft to address the Case #2 with stronger
protections for key security. We will be presenting this in the IPSEME
meeting. The highlights of the draft are that it uses Diffie-Hellman to ensure
that all keys are only known to the end nodes and while the
Linda Dunbar writes:
> There are two cases proposed by SDN controlled IPsec Flow Protection:
>
> - Case 1 is SDN controller only sending down the IPsec configuration
> attributes to End points, and End Points supports the IKEs and SA
> maintenance.
>
> - Case 2 is end points not supporting
Dear Yue,
I see your point.
Please refer to the "Information Model of NSFs Capabilities" document
(draft-ietf-i2nsf-capability-02).
To the best of my knowledge, data models will be (derived from and) made
coherent with the Information Model as soon as it will be (close to) final.
Regards,
Hi Diego and Aldo,
Thanks for your comments. I think generally we have got your idea. But
personally I still have a question:
In the I2NSF capability data model [draft-ietf-i2nsf-capability-data-model-01],
the content security capability part contains the antiviurs, ips, ids, and etc.
Hi Diego,
We got your point, which makes sense.
We will consider how to make the security capability to be abstract and general
enough, and independent with any particular kind of device. Although it's not
so straightforward to achieve, it is indeed the right direction.
Thanks!
B.R.
Frank
10 matches
Mail list logo