Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-lsr-pce-discovery-security-support-13> for your review
"Acee Lindem (acee)" <acee@cisco.com> Mon, 02 January 2023 16:05 UTC
Return-Path: <acee@cisco.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B221C1522C2; Mon, 2 Jan 2023 08:05:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.595
X-Spam-Level:
X-Spam-Status: No, score=-14.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=C8c1qwfb; dkim=pass (1024-bit key) header.d=cisco.com header.b=IhhoE62Z
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nxGt9VIGlByp; Mon, 2 Jan 2023 08:05:12 -0800 (PST)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D7E8C1522DA; Mon, 2 Jan 2023 08:05:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=67955; q=dns/txt; s=iport; t=1672675512; x=1673885112; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=h4dxkTmSQP0pS9JFJTSOP6G/YbVAKZ4927pRntSlUJc=; b=C8c1qwfbBxKsqr4cGlWjG0wxUrRrAKI6Nzdfpidnwgsf0MhggZP5LymL 6+c/4zHsX09F2i7bwRtWkDexrqEYf0d4E+8PMUFetKTRqqc5qCikhpU9H VYU8e8W5feIMUp5RgYVhdwKFAb6ywOKUPDE+B9tnJ0Wdo+vb8XpsHQtdi E=;
X-IPAS-Result: A0ADAAD7/rJjmJNdJa1QChoBAQEBAQEBAQEBAwEBAQESAQEBAQICAQEBAUCBOwUBAQEBCwGBKTFSgQUCWTpFiBoDhFBfiCEDiWyBUYVJiweBLBSBEQNWDwEBAQ0BATsJBAEBhQUChRACJTQJDgECBAEBAQEDAgMBAQEBAQEDAQEFAQEBAgEHBBQBAQEBAQEBAR4ZBQ4QJ4VoDYZWAQEBAQECDAYIAQwZAQElBwsBDwIBCBEDAQIhAQYHIREUCQgCBAENBQgaglwBghZYAzEDAQ+iQgGBPwKKH3iBATOBAYIIAQEGBASBOAGbEg2CRgmBQAGHNwMeWFyDToRGAiccgg2BFAFDgWaBAT6CIEIBAQEBgSABBAQBBwsBCRoeBgcJg1qCLoENgn6NSodFCoE9fYEnDmYHNgNEHUADCzsyCkAUIQYFDEsrGhsHgQoqCR8VAwQEAwIGEwMgAg0oMRQEKRMNJyZrCQIDImEFAwMEKC0JIAQcBxURJjwHVhImBAMCDx83BgMJAwIfUXslJAUDCxUqRwQINgUGHDYSAggPEg8GJkMOQjc2EwZcASoLDhMDUIFPBC85C4EZCgIEKSiaboEuEAEUTCsTJgQNFQUBBwMfAQEiJAgCMBABB0IFIwEFCwEYDgM6jGOFJRQaDimCWwGKd0eKcoJmkkoJPm8Kg26KMYEijgKBBIYjFoN5SYEIgiWIZAOGZYYviBSCSF6XRiCCK4gmglWDapBnKQQDDAMKA4RyAgQCBAUCDgEBBoFiOmtwcBUaIYIzATMJSRkPjX4iDQwJFYEVgiaFFIVKdQIBATcCBwsBAQMJhkyCfiyBTl8BAQ
IronPort-PHdr: A9a23:EjfPiBaIV7nK74Et/FWIZcX/LTAphN3EVzX9orIriLNLJ6Kk+Zmqf EnS/u5kg1KBW4LHo+lFhOzbv+GFOyQA7J+NvWpEfMlKUBkI2skTlhYrVciCD0CzJfX2bis8S cJFUlIt/3yyPUVPXsjkYFiHqXyp5jlUERL6ZmJI
IronPort-Data: A9a23:Lkl4+akN+B4KlfVQQNqfQqPo5gw+JkRdPkR7XQ2eYbSJt1+Wr1Gzt xJNDWCPbq2Majfwf9t1PIy/p0sCsMWEm98xHFQ+pXswRFtH+JHPbTi7wugcHM8zwunrFh8PA xA2M4GYRCwMZiaA4E/raNANlFEkvU2ybuKU5NXsZ2YgG2eIdA970Ug4w7dh2NYx6TSEK1rlV e3a8pW31GCNg1aYAkpMg05UgEoy1BhakGpwUm0WPZinjneH/5UmJM53yZWKEpfNatI88thW6 Ar05OrREmvxp3/BAz4++1rxWhVirrX6ZWBihpfKMkSvqkAqm8A87ko0HKInW2MJki6Eo/1o9 cVBpJaPZVgqLKKZzYzxUzEAe81/FbdN9LmCKn+lvInKlgvNcmDnxLNlC0Re0Y8wo7ksRzoRs 61DbmlRMXhvhMruqF6/YuBni8kLJ8jwN4RZsXZlpd3cJa93G8ufGfuTjTNe9G9ogf5MPa+EX eUmODNdUUidbDJdYn5CXfrSm8/x1iWgLFW0smm9rKE67i7SwRB/+LfoOdvRPNeNQK19l1uEp j6W9n7yAhAEOfSFxzHA/36tmujV2yThV+o6FrKj3vx3hlyLy3ZVDhAKPXO/uuP8gU63WshEA 00Z5iRoqrI9nGSvVcO4VhGjiH+JohBaXMBfe8U24QeMx6785AKVCm8LCDVGLsEl3OczTCUry 1GAmdywLTxyuaKYSDSW8bL8hTmzPSxTMnIqZTINUgYEpdLkpekbghPCQdElCuixicX4Cxnsz jSHoi84hr4ay8UM0s2T517Mxj+gp4TOVCYv6A6SU26k8gRjIom/aOSA5VjB8OgGLYuFQHGOu XEFn46V6+VmMH2WvDaGTONIF7az6rPcaXvXgEVkGN8q8DHFF2OfkZ54uApMABlwKcs4VCbUc EPCszx9u5xBMy7/BUNoWL6ZB8MvxKnmMN3qUPHIc9ZDCqRMmB+7EDJGPhHPgji8+KQ4ueRuZ sfBKJfE4WMyUPw/lFKLq/EhPajHLx3SKEvJTpz9ih+gy7fbPSfTQrYeO1zIZec8hE9lnOk32 4gFXydp40wPOAEbXsUx2dRDRbztBSNgba0aU+QNKoa+zvNOQQnN8cP5z7I7YJBClK9IjOrO9 XzVchYGlwCi1CKXc1rXMy0LhFbTsXBX8C5T0csEYAjA5pTfSd3HAFo3LsFuJuB3qISPM9YtF ahfEyl/Phi/Ym2Xp2tCBXUMhIdjbx+szRmfJDaoZSNXQnKTb1KhxzMQRSO2rHNmJnPu7aMW+ uT8viuFGsBrb1o5U67rhAeHkgnZUY41wrwiBiMl47B7JS3RzWSdA3ep16Zvcp1WdkSrK/nz/ 1/+PCr0bNLl++cdmOQlT4jdx2t1O4OSxnZnIlQ=
IronPort-HdrOrdr: A9a23:pqga5qsSF/jO8HXz54M0myXk7skCyIMji2hC6mlwRA09TyXGra 6TdaUguiMc1gx8ZJh5o6H9BEGBKUmskaKdkrNhQotKPTOW9VdASbsC0WKM+UyZJ8STzJ8+6U 4kSdkCNDSSNyk3sS+Z2njCLz9I+rDum8rE5Za8854ud3ARV0gK1XYfNu/vKDwOeOAwP+teKH Pz3LsjmxOQPVAsKuirDHgMWObO4/fRkoj9XBIADxk7rCGTkDKB8tfBYlel9yZbdwkK7aYp8G DDnQC8zL6kqeuHxhjV0HKWx4hKmeHm1sBICKW3+4Yow3TX+0eVjbZaKv6/VQMO0aOSAZER4Z zxSiIbToROArXqDyWISFXWqk7dOX0VmgHfIBej8AreSIrCNXQH4w4rv/MATvMfgHBQ5e2UmZ g7r16xpt5ZCwjNkz/64MWNXxZ2llCsqX5niuILiWdDOLFuIIO5gLZvin+9Kq1wVR7S+cQiCq 1jHcvc7PFZfReTaG3YpHBmxJipUm4oFhmLT0AesojNugIm1kxR3g8d3ogSj30A/JUyR91N4P nFKL1hkPVLQtUNZaxwCe8dSY+8C3DLQxjLLGWOSG6XX50vKjbIsdr68b817OaldNgBy4Yzgo 3IVBdCuWs7ayvVeLqzNV1wg2TwqUmGLEHQI5tllutEU5XHNcjWDRE=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="5.96,294,1665446400"; d="scan'208,217"; a="19234261"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 02 Jan 2023 16:05:10 +0000
Received: from mail.cisco.com (xfe-rcd-004.cisco.com [173.37.227.252]) by rcdn-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 302G5Akr019118 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Mon, 2 Jan 2023 16:05:10 GMT
Received: from xfe-rcd-003.cisco.com (173.37.227.251) by xfe-rcd-004.cisco.com (173.37.227.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Mon, 2 Jan 2023 10:05:10 -0600
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-003.cisco.com (173.37.227.251) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Mon, 2 Jan 2023 10:05:10 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZN+SaBGkkub9jFqvQMC97n6qRqBsabIglPNIff+AX/RUObZ1NMb+3QHZIGZFb24ethJ2WQOANOpBOLwpg/g4w6ZlCJx0SIolmc10kdL4Ha8o8Jmn/dyo2rcRInSZ9PhGVHrJ4EJ5p+D5H9i+5Qnu5eWh7/x3GkK9YMHZETOCalDc7yWSLfEedi0hL0yQF+4k5scjGog3o36PwiiwYSlFluO7qNuJBGY6gKo0T32IqOpzRp9/LTgSUFuOrPqWJCjdviI/GV/qLARDmfjBX/fSiiuXXubpMfKzGJu7PyjU0KqDsFGgz2wohn5uo1FoXom2pJeVmp9zxmu77awNFFS2uQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VLbtg8xGtV3fBAhPxcvsxojHRDq/l5hAOcvUqicR+lo=; b=cyr35MeCWLOQuLUBDu6+KLZ5vE5A+rHNaSLmsleAlfjXRWr/2E4aI/ZbjjjRioWR4cQ9HksN/Yg47i9pGKSXoEdPMdWXFxWI/N0z7IVDeTD27mwUbDKN4GecoAYojBqS+DcpEhEm8M4X147YsGTgOrfVRtEffOCdedTtmkR2Ye8c8YLjhunyqgLosPck/Ur2OlLNkPLdcTRDen1wWnIuitL+hHSs2i7IhZ3C9jQRy07rW7Sr3jZuO5LDNN7Dq47jfQk5WBLwsNzgikiqUpsno0HCYVA/WN3oRlixYq7bn1weoKkiOg9MScfjkeyrtw4Avr9U1H/0DN6HRQPp5MnvgQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VLbtg8xGtV3fBAhPxcvsxojHRDq/l5hAOcvUqicR+lo=; b=IhhoE62ZOJmry5Zlc610C6l4OgVtsM/AbvxEdw3hs+nzO+YQ6Y2XeY9sEdZn6cLx9elDR9cbxLE2Xn/dzxHsOPaH9aDCIgJ4reJ8utqDQYZ2IkQLYtuT3uY+GRq1KAZ9LlIAazGav5PeT5fmLCMBU586Qfjgir2Tb8ntlrukiis=
Received: from BYAPR11MB2757.namprd11.prod.outlook.com (2603:10b6:a02:cb::16) by SJ0PR11MB5168.namprd11.prod.outlook.com (2603:10b6:a03:2dc::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5944.19; Mon, 2 Jan 2023 16:05:08 +0000
Received: from BYAPR11MB2757.namprd11.prod.outlook.com ([fe80::44c4:7808:377e:2cf6]) by BYAPR11MB2757.namprd11.prod.outlook.com ([fe80::44c4:7808:377e:2cf6%4]) with mapi id 15.20.5944.019; Mon, 2 Jan 2023 16:05:08 +0000
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Dhruv Dhody <dhruv.ietf@gmail.com>, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>
CC: "diego.r.lopez@telefonica.com" <diego.r.lopez@telefonica.com>, "bill.wu@huawei.com" <bill.wu@huawei.com>, "maqiufang1@huawei.com" <maqiufang1@huawei.com>, "daniel@olddog.co.uk" <daniel@olddog.co.uk>, "lsr-ads@ietf.org" <lsr-ads@ietf.org>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, "jgs@juniper.net" <jgs@juniper.net>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>, "acee.ietf@gmail.com" <acee.ietf@gmail.com>
Thread-Topic: AUTH48: RFC-to-be 9353 <draft-ietf-lsr-pce-discovery-security-support-13> for your review
Thread-Index: AQHZFwsF4aSCw3cjPEOqU35RdmTab66KlyIAgAC9YNo=
Date: Mon, 02 Jan 2023 16:05:08 +0000
Message-ID: <BYAPR11MB2757904738A9DC7FE33DEAD4C2F79@BYAPR11MB2757.namprd11.prod.outlook.com>
References: <20221223201319.9E5A6C8AE2@rfcpa.amsl.com> <CAB75xn7-_=h0Vo81gSt5dHKnZzGHP_dtaw02QcpNJm42Mo5aTw@mail.gmail.com>
In-Reply-To: <CAB75xn7-_=h0Vo81gSt5dHKnZzGHP_dtaw02QcpNJm42Mo5aTw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BYAPR11MB2757:EE_|SJ0PR11MB5168:EE_
x-ms-office365-filtering-correlation-id: d6c82b4b-21f1-43c7-a205-08daecdb1e94
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: oR+FAqlBLITWZkYyVh5hwF7Fp/LQcZQA01sd9f4VMFVmqNtriUvuvVZOp9SVNAUJrUMYOikUQ/PCHOrb1N4bMWj3zxPuzQ5MoMJTpW76KreYONd/PCN3T6tYxNJEbr/GyL2Wx93MfRjBQ18n1dSZc41GoH1OC1HVu7p77kjYrCO57844zWGh4BHDvycbnqtf+K+Jo8MIuzfy9gU+OcQywGgiDf7zkxYYDkTfr0pmw5bw7H9GF51znzZsfX5mfZ/bzuw36zBKrWWaivvwbY4bqVl6uS6Bpxz0YPvdo6QIagKALOL7DwII6wYEN3JHpPNXqK9P0hL7SzAe9LJMUYHRQVodPLjN4JXzn68sBOwiKw0pRyMvAUlCXm4pigiJIzKaVdHK5oXYb8DPlQHt2SN2snz2+ZTzXySEhZZXzoz/9q840aozJYUcOz4YmgLkAYXBtf4WxDKDQLUuGVah523dssdeCfctZXiKjScb6YzbIeEy2Ivz7zK5nPSYrmBgwCTBYyy6Dt/472KzaagkBPHqkGoH4izIA+HVfmaPY17ujK992mjuCMBve4OkEOI4TKGTbTg7h407WXrM6NKv+LLx+EppcstVg0Pv/9mkvWAZFt4N2qcGS5Se1PRdVa87zVoPhWGs2yr6UyemUlEHE+tOZ0PNQodtuuLnz5l6W10gwBOo1igw0i0LBQP55ihxI3lBgvsQIidbsD/MEy+AfTiFGwcbJ97HgeDl6jLBS8BhFSV5lVgoNE/aA92rYp2OUB6xY9Ksv8cKXIvGPqw5N0jLo5wa3l7egVd4FIXLrKtlz9I=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB2757.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(396003)(376002)(136003)(39860400002)(346002)(366004)(451199015)(7416002)(5660300002)(2906002)(30864003)(21615005)(8936002)(52536014)(41300700001)(8676002)(4326008)(66899015)(15650500001)(76116006)(316002)(66476007)(66946007)(66556008)(64756008)(66446008)(91956017)(54906003)(110136005)(71200400001)(966005)(478600001)(53546011)(9686003)(186003)(26005)(55016003)(33656002)(7696005)(6506007)(83380400001)(66574015)(166002)(38100700002)(122000001)(86362001)(38070700005)(22166006)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: IAgBLHuL8yQyfkox5RI/EicWzUtAOiCcV3tZMpsV4NcsqBUOZUToi3mx6MY6SYwOJFNLtYKwwS9OQPY++xXTG10Q7pMyWEA6Fmt9QVg1WQgo268eBo4cSP9tS/nybDZrXpOlzcc6RXpQzpLCe27S0ybeIRm+VmMHom6XZGIVyAmqVWWw7IpRusCwbKOrQWSHVrCIMg/oV+4LLAhTVdVWtVUgU5isHgXu+puaJouklnrGaf9YKom1csjQim4rSNQHMHCR/aib17kgxU+nJdSf+mA/5TiyfoosD1u0jJRfUu0STgfIgt0mKHaJHhbciD6PsPN/4lbbOFW2pxUXQ0FZf8AyXwQhHHM9ltYSesI8+vNfouG2Va6KAJIY96ki4DdaG+oT7fMRmjEsBg87ilqBacnZFaIXFY6UUEB1RpPhmUd4sZY9nbMhLqsGw7+3+EYUF8bTFk0G6GTKGZN7cNet9eCE9yNu1jj01sP5EoklWdFTXwN6sjsj6cJbJQu414/h3/jShtjrVl1ummyKHfBTIVMTJfBSPjVUQXLRAMpMoyV3yBXYTkDBF53lo/0gTFeW8s+G0ggMxGTX23F0u0z4wy+klkz/4ieQ0GaxDs1pyVrP+4zCUDiaWhRpLN0CubV1g8OlhA1Of0Ig0QoepdB+mgHlot0XsLpNqY/Wd3UwB14DRyo1Q4Gun5hOSrReSfZqlbuM1EHQe4OCJIyOJt75jwJ3+C0Otjg4wlolAvRoX36o/ks42y8T3JYKUCqm/hV8h1jzPIuAGiywh3GN+kX6mKsvjWNYNM7VVdsEvuX2gx9DazqxPs2aaJArOm60gl6oS9pPjPpnsDckJ2y1eDjL7qxzkC6qCjRW99sTZiP0IwnMpcRLubWfQDdZ8dfM0RgULg1p8UckDB5xNBbPlq2NuVjpSHRBLr6yeYKzXC0Rxwiv9LIkKhVQX0PiMuguOaG61FqNAs5jPOMKazDOmg/fWMuhj4x6gRaWRiMOfegGPe2Fz7dvoqq96XXff+bmkUfCtAJYJr2uh/pkAhJ7s2STzHNudMRc2mWBoe6B7F4/Mla0zrWwjGHhJ2PzuJfKLnd8nFpi/Pv3JUABA/yOxbteXIXdUX7heNS0iPOs+SUxUrcEGpvhSkQ2/02DY5GxahbaYdA/94YQjc6ydlyy0N1DwYQ0iGFC8GaccRdaJ8D4z75lwrpGwisjGrQfCDtRYT0SPSRgPK7u7hdCrIAF0Y3VFFdlz4lc1VO33KVJV030CLwN8G8rwYTXWrNL5l8hKHV1xWFu+T+rfVS97DyRQvIT8Atqm1EWHT/euO28zeUDA5zU0bCXDBoqO5CvllFcSimrqwibV2ytuK9z+z4JgehBCg0U9lOmkTpIhV5z1RAmdjBU7bsJ9QD91axvemTu6LgqtMQ9hr91vR9bMrvqXPZIBHmzLS6elOxNShBdbf4fx+loOfRTr2Z1Q8rmoZf9+Nl7L6NB4O12nDhwKCbSqhYSGLM2fvxZ3KOWvyLYNPsUg01Zx+SyNwGd48BetPz5na/0zhio3qDqA21gQBIhWGLPORkwU6u7/Nyxx+kMS9g2cQwHbz7smvI7z0y3Ke3xIcMV
Content-Type: multipart/alternative; boundary="_000_BYAPR11MB2757904738A9DC7FE33DEAD4C2F79BYAPR11MB2757namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2757.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d6c82b4b-21f1-43c7-a205-08daecdb1e94
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jan 2023 16:05:08.0771 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jHDgDTxdZ4NeJ/hpSG0ednZnSHCAG4pXC77alR+UeZZ3UpCoTF1JVeSqSIlg5/+w
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB5168
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.227.252, xfe-rcd-004.cisco.com
X-Outbound-Node: rcdn-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/91pv4RYb29nLkMTo6yvDNu2mlbE>
Subject: Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-lsr-pce-discovery-security-support-13> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jan 2023 16:05:18 -0000
Hi RFC Editor, Dhruv, I concur with Dhruv on thanking the RFC Editors for the excellent work!!! See a couple inlines. From: Dhruv Dhody <dhruv.ietf@gmail.com> Date: Sunday, January 1, 2023 at 11:28 PM To: rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org> Cc: diego.r.lopez@telefonica.com <diego.r.lopez@telefonica.com>, bill.wu@huawei.com <bill.wu@huawei.com>, maqiufang1@huawei.com <maqiufang1@huawei.com>, daniel@olddog.co.uk <daniel@olddog.co.uk>, lsr-ads@ietf.org <lsr-ads@ietf.org>, lsr-chairs@ietf.org <lsr-chairs@ietf.org>, Acee Lindem (acee) <acee@cisco.com>, jgs@juniper.net <jgs@juniper.net>, auth48archive@rfc-editor.org <auth48archive@rfc-editor.org> Subject: Re: AUTH48: RFC-to-be 9353 <draft-ietf-lsr-pce-discovery-security-support-13> for your review Hello, Happy New Year! Thanks for making the document better with your excellent work. See inline... On Sat, Dec 24, 2022 at 1:43 AM <rfc-editor@rfc-editor.org<mailto:rfc-editor@rfc-editor.org>> wrote: Authors, While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file. 1) <!-- [rfced] Please note that the title of the document has been updated as follows: a) Abbreviations have been expanded per Section 3.6 of RFC 7322 (“RFC Style Guide”). Please review. Original: IGP extension for PCEP security capability support in PCE discovery Current: IGP Extension for Path Computation Element Communication Protocol (PCEP) Security Capability Support in PCE Discovery (PCED) Dhruv: This is fine. b) The short title (in the running header of the PDF version) has been updated. Please review and let us know any objections. Current: IGP Extension: PCEP Security in PCED --> Dhruv: No objection. 2) <!-- [rfced] Please insert any keywords (beyond those that appear in the title) for use on https://www.rfc-editor.org/search. --> Dhruv: Can't think of any other keywords 3) <!-- [rfced] Please review our suggested rephrase of the following text. Does it retain your intended meaning? Original: When a Path Computation Element (PCE) is a Label Switching Router (LSR) participating in the Interior Gateway Protocol (IGP), or even a server participating in the IGP, its presence and path computation capabilities can be advertised using IGP flooding. Perhaps: When a Path Computation Element (PCE) is a Label Switching Router (LSR) or a server participating in the Interior Gateway Protocol (IGP), its presence and path computation capabilities can be advertised using IGP flooding. --> Dhruv: I am happy with the rephrasing. 4) <!--[rfced] Please review the updates we have made to the following text (to avoid awkward hyphenation) to ensure the changes have retained your intended meaning. Original: As described in [RFC5440], Path Computation Element Communication Protocol (PCEP) communication privacy and integrity are important issues, as an attacker that intercepts a PCEP message could obtain sensitive information related to computed paths and resources. Current: As described in RFC 5440, privacy and integrity are important issues for communication using the Path Computation Element Communication Protocol (PCEP); an attacker that intercepts a PCEP message could obtain sensitive information related to computed paths and resources. --> Dhruv: It is fine; just s/RFC 5440/[RFC5440]/ and I noticed that in the link that is exactly what you have already :) 5) <!-- [rfced] We have updated this sentence to include TCP-AO as a method to advertise PCEP security to make the text parallel to the Abstract. Please let us know any objections. Original: [RFC5088] and [RFC5089] define a method to advertise path computation capabilities using IGP flooding for OSPF and IS-IS respectively. However, these specifications lack a method to advertise PCEP security (e.g., TLS) support capability. Current: [RFC5088] and [RFC5089] define a method to advertise path computation capabilities using IGP flooding for OSPF and IS-IS, respectively. However, these specifications lack a method to advertise PCEP security (e.g., TLS and TCP-AO) support capability. --> Dhruv: Sure! 6) <!--[rfced] Is text missing here? "...the IS-IS" what? Protocol? Sub-TLVs? Please clarify. Original: [RFC5089] states that the IS-IS uses the same registry as OSPF. --> Dhruv: Perhaps - [RFC5089] states that the IS-IS PCE-CAP-FLAGS sub-TLV uses the same registry as OSPF. Dhruv’s suggested text is fine. 7) <!--[rfced] Please review the following text for clarity. We were unsure about the last sentence when comparing it with the IANA actions in the IANA Considerations section and RFC 8306. If the suggested text is incorrect, please provide another rephrasing. Original: This document updates [RFC8306] where it uses the term "OSPF PCE Capability Flag" and request assignment from OSPF Parameters registry with "PCE Capability Flag" and the IGP Parameters registry. Perhaps: This document also updates [RFC8306] by changing the term "OSPF PCE Capability Flag" to read as "Path Computation Element (PCE) Capability Flags" and to note the corresponding registry now exits in the "Interior Gateway Protocol (IGP) Parameters" registry. --> Dhruv: Happy with the rephrasing! Please change “exits” to “exists”. 8) <!--[rfced] Please review whether any of the notes in this document should be in the <aside> element. It is defined as "a container for content that is semantically less important or tangential to the content that surrounds it" (https://authors.ietf.org/en/rfcxml-vocabulary#aside). Original (1): Note that [RFC5557] uses the term "OSPF registry" instead of the "IGP registry" whereas [RFC8623] and [RFC9168] uses the term "OSPF Parameters" instead of "IGP Parameters". Original (2): Note that the PCEP Open message exchange is another way to discover PCE capabilities information, but in this instance, the TCP security related key parameters need to be known before the PCEP session is established and the PCEP Open messages are exchanged. Thus, the use of the PCE Discovery and capabilities advertisement of the IGP needs to be leveraged. --> Dhruv: Happy to use <aside> element in the xml! 9) <!--[rfced] The Web Portion of the RFC Style Guide (https://www.rfc-editor.org/styleguide/part2/) recommends using the abbreviated form of an abbreviation after it has been introduced. We will implement this style for each of the following abbreviations unless we hear objection. PCE Discovery (PCED) TCP Authentication Option (TCP-AO) Master Key Tuple (MKT) --> Dhruv: No objection 10) <!--[rfced] The following text is difficult to follow with regard to subject/verb agreement. Would either of the following suggestions work? Original: Thus, the use of the PCE discovery and capabilities advertisement of the IGP needs to be leveraged. Perhaps A: Thus, PCE discovery and capabilities advertisement of the IGP need to be leveraged. Perhaps B: Thus, the leveraging of PCE discovery and capabilities advertisement of the IGP is necessary. --> Dhruv: A is fine with me! I’d suggest: Thus, the IGP advertisement and flooding mechanisms need to be leveraged for PCE discovery and capabilities advertisement. However, I don’t feel that strongly and would be happy with A. 11) <!--[rfced] We have received guidance from Benoit Claise and the YANG Doctors that "YANG module" and "YANG data model" are preferred. We have updated the text to use these forms. Please review. Original: The YANG model for PCEP [I-D.ietf-pce-pcep-yang] supports PCEP security parameters (key, key chain, and TLS). Current: The YANG module for PCEP [I-D.ietf-pce-pcep-yang] supports PCEP security parameters (key, key chain, and TLS). --> Dhruv: Ack 12) <!--[rfced] We suggest rephrasing this sentence for the ease of the reader. Does the following suggestion retain your intended meaning? Original: Thus, before advertising the PCEP security parameters, using the mechanism described in this document, the IGP MUST be known to provide authentication and integrity for the PCED TLV using the mechanisms defined in [RFC5304], [RFC5310] or [RFC5709]. Perhaps: Thus, before advertising the PCEP security parameters by using the mechanism described in this document, the IGP MUST be known to provide authentication and integrity for the PCED TLV using the mechanisms defined in [RFC5304], [RFC5310], or [RFC5709]. --> Dhruv: It does! Happy with the rephrase! 13) <!--[rfced] Should the title change for the following IANA registry? We note that RFC 5086 expanded PCED on first use and capped "sub-" when in a title. If these changes are agreeable, we will communicate them to IANA during AUTH48 and update the text of this document accordingly. See: https://www.iana.org/assignments/igp-parameters/igp-parameters.xhtml: Current: PCED sub-TLV Type Indicator Perhaps: PCE Discovery (PCED) Sub-TLV Type Indicator >From RFC 5089: This document defines a new sub-TLV (named the PCE Discovery (PCED)) to be carried within the IS-IS Router Capability TLV ([RFC4971]). --> Dhruv: Happy with the change! 14) <!-- [rfced] RFC 2385 has been obsoleted by RFC 5925. Would the following update be agreeable? We note that RFC 5925 is already in the References section. Original: As described in Section 10.2 of [RFC5440], an PCEP speaker MUST support TCP MD5 [RFC2385], so no capability advertisement is needed to indicate support. Perhaps: As described in Section 10.2 of [RFC5440], an PCEP speaker MUST support TCP MD5 [RFC2385], so no capability advertisement is needed to indicate support. (Note that RFC 2385 has been obsoleted by RFC 5925.) --> Dhruv: I think the reference RFC2385 itself needs to change. I see two option, we could either - A: Not using any reference, I see published RFCs which include the term "MD5" without a reference as it is quite well-known. B: Use the reference as RFC 1321 (can also say that is obsoleted by RFC 5925) I think it should be “a PCEP speaker” rather than “an PCEP speaker since neither “P” or “Path” would be preceded by “an”. I don’t feel strongly about the reference – FBOW MD5 is deployed. Either option is fine with me stating that it has been obsoleted. I would like to know the opinion of the RFC editor team and others in CC! 15) <!-- [rfced] Would you like the references to be alphabetized or left in their current order?--> Dhruv: Please alphabetize them. 16) <!-- [rfced] We note that the URL provided for the reference below goes to a page titled "Unicode Security Considerations" instead of "Character Encoding Model". Please let us know how we should update this reference. Original: [UTR36] Davis, M., "Unicode Technical Report #36, Character Encoding Model", UTR17 https://www.unicode.org/unicode/reports/tr36/, February 2005. --> Dhruv: Thanks for spotting this! Please correct this to -> Davis, M., Ed. and M. Suignard, Ed., "Unicode Security Considerations", Unicode Technical Report #36, August 2010, <http://unicode.org/reports/tr36/<https://unicode.org/reports/tr36/>>. This is what I see in RFC 9003. 17) <!-- [rfced] We had the following questions related to terminology use throughout the document: a) We see the following variations with regard to spacing, hyphenation, and capping. Please review occurrences and let us know if/how these may be made consistent. key-chain vs. keychain vs. key chain Dhruv: key chain Agreed. This is consistent with RFC 8177. Thanks, Acee key-chain name vs. Key Chain Name vs. keychain name Dhruv: key chain name (and capitalize based on context) Also in section 3.3.1, the field name "Key Name" should be "Key Chain Name" to align with 3.3.2 Note we see both Key Chain Name sub-TLV and KEY-CHAIN-NAME sub-TLV as well. Dhruv: Use KEY-CHAIN-NAME sub-TLV b) We see the following mixed use of KeyID and Key ID (spacing). May these be made uniform? If so, how may we update? ...[RFC5925] (referred to as KeyID). vs. KeyID: The one octet Key ID as per [RFC5925] (Note: we assume KEY-ID sub-TLV should remain as is). --> Dhruv: My preference is for KeyID and yes when referring to sub-TLV it should be KEY-ID sub-TLV. 18) <!-- [rfced] Please review the "Inclusive Language" portion of the online Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let us know if any changes are needed. For example, please consider whether the term "Master Key Tuple (MKT)" should be updated. Original: KeyID: The one octet Key ID as per [RFC5925] to uniquely identify the Master Key Tuple (MKT). --> Dhruv: No change is needed. Thanks! Dhruv Thank you. RFC Editor/mc/mf *****IMPORTANT***** Updated 2022/12/23 RFC Author(s): -------------- Instructions for Completing AUTH48 Your document has now entered AUTH48. Once it has been reviewed and approved by you and all coauthors, it will be published as an RFC. If an author is no longer available, there are several remedies available as listed in the FAQ (https://www.rfc-editor.org/faq/). You and you coauthors are responsible for engaging other parties (e.g., Contributors or Working Group) as necessary before providing your approval. Planning your review --------------------- Please review the following aspects of your document: * RFC Editor questions Please review and resolve any questions raised by the RFC Editor that have been included in the XML file as comments marked as follows: <!-- [rfced] ... --> These questions will also be sent in a subsequent email. * Changes submitted by coauthors Please ensure that you review any changes submitted by your coauthors. We assume that if you do not speak up that you agree to changes submitted by your coauthors. * Content Please review the full content of the document, as this cannot change once the RFC is published. Please pay particular attention to: - IANA considerations updates (if applicable) - contact information - references * Copyright notices and legends Please review the copyright notice and legends as defined in RFC 5378 and the Trust Legal Provisions (TLP – https://trustee.ietf.org/license-info/). * Semantic markup Please review the markup in the XML file to ensure that elements of content are correctly tagged. For example, ensure that <sourcecode> and <artwork> are set correctly. See details at <https://authors.ietf.org/rfcxml-vocabulary>. * Formatted output Please review the PDF, HTML, and TXT files to ensure that the formatted output, as generated from the markup in the XML file, is reasonable. Please note that the TXT will have formatting limitations compared to the PDF and HTML. Submitting changes ------------------ To submit changes, please reply to this email using ‘REPLY ALL’ as all the parties CCed on this message need to see your changes. The parties include: * your coauthors * rfc-editor@rfc-editor.org<mailto:rfc-editor@rfc-editor.org> (the RPC team) * other document participants, depending on the stream (e.g., IETF Stream participants are your working group chairs, the responsible ADs, and the document shepherd). * auth48archive@rfc-editor.org<mailto:auth48archive@rfc-editor.org>, which is a new archival mailing list to preserve AUTH48 conversations; it is not an active discussion list: * More info: https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc * The archive itself: https://mailarchive.ietf.org/arch/browse/auth48archive/ * Note: If only absolutely necessary, you may temporarily opt out of the archiving of messages (e.g., to discuss a sensitive matter). If needed, please add a note at the top of the message that you have dropped the address. When the discussion is concluded, auth48archive@rfc-editor.org<mailto:auth48archive@rfc-editor.org> will be re-added to the CC list and its addition will be noted at the top of the message. You may submit your changes in one of two ways: An update to the provided XML file — OR — An explicit list of changes in this format Section # (or indicate Global) OLD: old text NEW: new text You do not need to reply with both an updated XML file and an explicit list of changes, as either form is sufficient. We will ask a stream manager to review and approve any changes that seem beyond editorial in nature, e.g., addition of new text, deletion of text, and technical changes. Information about stream managers can be found in the FAQ. Editorial changes do not require approval from a stream manager. Approving for publication -------------------------- To approve your RFC for publication, please reply to this email stating that you approve this RFC for publication. Please use ‘REPLY ALL’, as all the parties CCed on this message need to see your approval. Files ----- The files are available here: https://www.rfc-editor.org/authors/rfc9353.xml https://www.rfc-editor.org/authors/rfc9353.html https://www.rfc-editor.org/authors/rfc9353.pdf https://www.rfc-editor.org/authors/rfc9353.txt Diff file of the text: https://www.rfc-editor.org/authors/rfc9353-diff.html https://www.rfc-editor.org/authors/rfc9353-rfcdiff.html (side by side) Diff of the XML: https://www.rfc-editor.org/authors/rfc9353-xmldiff1.html The following files are provided to facilitate creation of your own diff files of the XML. Initial XMLv3 created using XMLv2 as input: https://www.rfc-editor.org/authors/rfc9353.original.v2v3.xml XMLv3 file that is a best effort to capture v3-related format updates only: https://www.rfc-editor.org/authors/rfc9353.form.xml Tracking progress ----------------- The details of the AUTH48 status of your document are here: https://www.rfc-editor.org/auth48/rfc9353 Please let us know if you have any questions. Thank you for your cooperation, RFC Editor -------------------------------------- RFC9353 (draft-ietf-lsr-pce-discovery-security-support-13) Title : IGP extension for PCEP security capability support in PCE discovery Author(s) : D. Lopez, Q. Wu, D. Dhody, Q. Ma, D. King WG Chair(s) : Acee Lindem, Christian Hopps Area Director(s) : Alvaro Retana, John Scudder, Andrew Alston
- [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-lsr-p… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… Dhruv Dhody
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… Acee Lindem (acee)
- Re: [auth48] [AD] AUTH48: RFC-to-be 9353 <draft-i… Megan Ferguson
- Re: [auth48] [IANA] AUTH48: RFC-to-be 9353 <draft… Megan Ferguson
- [auth48] [IANA #1263592] Re: [IANA] AUTH48: RFC-t… Amanda Baber via RT
- Re: [auth48] [AD] AUTH48: RFC-to-be 9353 <draft-i… Acee Lindem
- Re: [auth48] [AD] AUTH48: RFC-to-be 9353 <draft-i… Dhruv Dhody
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… Megan Ferguson
- Re: [auth48] [IANA #1263592] [IANA] AUTH48: RFC-t… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… Dhruv Dhody
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… Diego R. Lopez
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… daniel
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… maqiufang (A)
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… Megan Ferguson
- Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-l… Qin Wu