...
- Priority 1: VNF Package Verification (Committed for Dublin as part of 5G use case)
- Priority 2: Integrity Verification at Instantiation (Release TBD)
- Priority 3: Service Provider Ability to Sign the Artifacts (Release TBD)
At this state Priority 1 is the only priority that has reached recommendation status. For this it is recommended to follow the
Priority 1, VNF Package Verification is : Integrity of the VNF package needs to be verified prior to, or at the time of onboarding. The purpose is to ensure that the VNF package originates from the vendor, and that the content has not been tampered with. The verification is done against the signature provided by the vendor. Reference [ETSI NFV SOL004] contains the detailed specifications. As of March 2019 this is being implemented for Dublin release in SDC and VNF SDK (VNF SDK includes partial implementation from Casablanca).
Priority 2, Integrity Verification at Instantiation. This is still FFS.
- Reference [ETSI NFV SEC021] is the main specification of this feature. As of March 2019 the status is 'final draft for approval', target date of publication is July 2019.
- As of March 2019, ETSI NFV plans changes in [ETSI NFV SOL004] impacting this item: creation of signature per individual artifact in the VNF package (by the package vendor) is planned to be mandatory.
Priority 3, Service Provider Ability to Sign the Artifacts. This is still FFS.
- Reference [ETSI NFV SEC021] is the main specification of this feature. As of March 2019 the status is 'final draft for approval', target date of publication is July 2019.
[ETSI NFV SOL004]
ETSI GS NFV-SOL 004 V2.3.1 (2017-07): http://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/004/02.03.01_60/gs_nfv-sol004v020301p.pdf
[ETSI NFV SEC021]
The latest draft can be found in: https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=53601 The other priorities are still FFS