[I2nsf] comments to draft-ietf-i2nsf-sdn-ipsec-flow-protection-02

Linda Dunbar <linda.dunbar@huawei.com> Thu, 18 October 2018 21:18 UTC

From: Linda Dunbar <linda.dunbar@huawei.com>
To: "draft-ietf-i2nsf-sdn-ipsec-flow-protection@ietf.org" <draft-ietf-i2nsf-sdn-ipsec-flow-protection@ietf.org>, Rafa Marin-Lopez <rafa@um.es>, Gabriel Lopez <gabilm@um.es>, "i2nsf@ietf.org" <i2nsf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/snH-9naGCy7PLyiOXUYWRl7jhgI>

Gabriel and Rafa,

I remember that in the IETF102 I2NSF session, you agreed to add some description of how/where your Option 2 can be used (i.e., using the Controller to assist the IPsec key computation and pass the SA attributes together with its IPsec session key to the pair-wise Nodes via a secure management channel), such as

- for some special secure environment (e.g. in one physically isolated data center) or

- some resource-constrained IoT deployment that can tolerate some risks.

It is important to document the risks associated with the option, so that users can make an informed decision.


Thanks, Linda Dunbar