Re: [Secdispatch] Controller-IKE

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 22 July 2019 14:29 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 22 Jul 2019 10:28:31 -0400
Message-ID: <CAHbuEH7NQ3DV1nt_vq2wyQ4yZC2carVmRk8LfURGe9eWHfboeQ@mail.gmail.com>
To: "David Carrel (carrel)" <carrel@cisco.com>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/LZFtH63-hly1hJrBQK8bNI57-Qw>

Hi David,

Could you please explain how this is different from the adopted work in
I2NSF, https://datatracker.ietf.org/doc/draft-ietf-i2nsf-sdn-ipsec-flow-protection/ ?

This is referenced in your draft along with one another, but there is no
analysis on why they don't fit the need.  The draft in I2NSF pulled in the
IPsecMe working group and underwent significant revisions as a result to
deal with several initial security issues.  If there's a gap that can be
solved with that draft, could that be a way forward or is this needed for
some specific reason?  It would be helpful to understand this.

Thank you,
Kathleen

On Fri, Jul 19, 2019 at 10:20 PM David Carrel (carrel) <carrel@cisco.com>
wrote:

> Folks,
>
>
>
> I would like to present Controller-IKE in the Montreal Security Dispatch
> meeting.  There is growing interest from routing folks, and I strongly feel
> we should evaluate and progress this in the security area.  I’ll have some
> slides to share shortly.  For now, please do read the draft.  Also there
> are some drafts referencing this:
>
>
>
> Controller-IKE:
> https://tools.ietf.org/html/draft-carrel-ipsecme-controller-ike-01
>
>
>
> Also some docs referencing this form of key management:
>
> BESS, Secure EVPN:
> https://tools.ietf.org/html/draft-sajassi-bess-secure-evpn-02
>
> And: https://tools.ietf.org/html/draft-dunbar-bess-bgp-sdwan-usage-01
>
>
>
> Comments appreciated.
>
>
>
> Dave


-- 

Best regards,
Kathleen