Dear Saurabh:

Thank you for the clarification and the pointer. Although I haven’t had the opportunity to look at your I-D carefully (I will do it), I have seen that you refer to ABFAB and AAA.
Maybe this I-D we wrote a year ago may be of interest to you as well, since it is related to AAA infrastructures and the establishment of security associations between AAA agents.

https://tools.ietf.org/html/draft-marin-sdnrg-sdn-aaa-mng-00

"This document describes the management of Authentication, Authorization and Accounting (AAA) infrastructures by means of a Software-Defined Network (SDN) controller and raises the requirements to support this service. It considers the management of AAA routing and the establishment of security associations between AAA entities."

Best Regards.

> On 27 Nov 2016, at 5:36, Saurabh Chattopadhyay - ERS, HCL Tech <saurabhchattopad...@hcl.com> wrote:
>
> Dear Rafa,
>
> Thanks for pointing us to this draft. We now have a better understanding on how i2nsf WG would likely address the dynamic key distribution requirements.
>
> We, on the other hand, are in the process of defining the control plane architecture to be integrated with SDN Controllers, focusing on automated registration, certificate issuance and dynamic trust establishment between gateways/SFs positioned across different security domains. These will be the pre-cursory requirements for dynamic key distribution, if Gateways/SFs don’t already share the trust relationship. Thus, we don’t see any overlap per se between what we are working on and this particular work, but these are certainly adjacent to each other. We’ll perhaps request for your review once we are done with our part, and incorporate your comments, if you would have any.
> If you would like to take a look at the current version of our draft, you can find it here – https://datatracker.ietf.org/doc/draft-chattopadhyay-sdnrg-multi-party-sdn-trust/.
>
> Thanks again for your kind response.
>
> Warm Regards,
> Saurabh
>
> From: Rafa Marin-Lopez [mailto:r...@um.es]
> Sent: Tuesday, November 22, 2016 11:29 PM
> To: Saurabh Chattopadhyay - ERS, HCL Tech <saurabhchattopad...@hcl.com>
> Cc: Rafa Marin-Lopez <r...@um.es>; draft-ietf-i2nsf-problem-and-use-ca...@ietf.org; i2nsf@ietf.org; King, Daniel <d.k...@lancaster.ac.uk>; Liushucheng (Will) <liushuch...@huawei.com>; Kaushik Datta - ERS, HCL Tech <kaushik.da...@hcl.com>; Kohei Shiomoto <shiomoto.ko...@lab.ntt.co.jp>; Gabriel Lopez Millan <gab...@um.es>; Sowmini Varadhan <sowmini.varad...@oracle.com>
> Subject: Re: [I2nsf] Queries on i2nsf's intended coverage over multi-domain opsec automated provisioning
>
> Dear Saurabh:
>
> Regarding your comment about "a dynamic key distribution mechanism to NSFs", we would like to point you to our work regarding an SDN-based IPsec Key management, where key distribution is performed to establish IPsec security associations. We also consider the case of having two (or multiple) SDN controllers. See Section 10.2. Gateway-to-gateway under different SDN controllers. Here, an interface between SDN controllers will be required.
>
> Although it is focused on IPsec, other security associations may be considered in the future.
>
> Is this related to what you had in mind?
>
> Best Regards.
> On 18 Nov 2016, at 7:57, Saurabh Chattopadhyay - ERS, HCL Tech <saurabhchattopad...@hcl.com> wrote:
>
> Dear Authors,
>
> I and my co-author are currently working on SDN & NFV operation security related area, and developing a draft in SDN Research Group. We wanted to understand from you on certain aspects of i2nsf problem statement and its intended coverage, thus writing this mail.
>
> From the draft (draft-ietf-i2nsf-problem-and-use-cases-04), we understood that you have acknowledged the challenges associated to scenarios where NSFs being present in heterogeneous administrative domains, and also have considered developing a dynamic key distribution mechanism to NSFs. In this context, we have the following queries –
>
> · In certain scenarios, dynamic key distribution appears to be a requirement for endpoints and other (non-security) functions as well. Do you intend to develop the mechanism in a generic fashion that can be leveraged by other entities as well?
> · Especially for multi-domain scenarios, dynamic key distribution may need some pre-cursory requirements to comply with, these are mostly around setting up inter-domain trust and certificate chaining. Do you consider these to be pre-provisioned, before the i2nsf specified mechanism starts off?
>
> We’ll look forward to your response on this.
>
> Warm Regards,
> Saurabh
>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
>
> -------------------------------------------------------
> Rafa Marin-Lopez, PhD
> Dept. Information and Communications Engineering (DIIC)
> Faculty of Computer Science-University of Murcia
> 30100 Murcia - Spain
> Telf: +34868888501 Fax: +34868884151 e-mail: r...@um.es
> -------------------------------------------------------

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: r...@um.es
-------------------------------------------------------