IETF Logo Mail Archive

Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-lsr-pce-discovery-security-support-13> for your review

"Acee Lindem (acee)" <acee@cisco.com> Mon, 02 January 2023 16:05 UTC

Return-Path: <acee@cisco.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B221C1522C2; Mon, 2 Jan 2023 08:05:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.595
X-Spam-Level:
X-Spam-Status: No, score=-14.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=C8c1qwfb; dkim=pass (1024-bit key) header.d=cisco.com header.b=IhhoE62Z
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nxGt9VIGlByp; Mon, 2 Jan 2023 08:05:12 -0800 (PST)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D7E8C1522DA; Mon, 2 Jan 2023 08:05:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=67955; q=dns/txt; s=iport; t=1672675512; x=1673885112; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=h4dxkTmSQP0pS9JFJTSOP6G/YbVAKZ4927pRntSlUJc=; b=C8c1qwfbBxKsqr4cGlWjG0wxUrRrAKI6Nzdfpidnwgsf0MhggZP5LymL 6+c/4zHsX09F2i7bwRtWkDexrqEYf0d4E+8PMUFetKTRqqc5qCikhpU9H VYU8e8W5feIMUp5RgYVhdwKFAb6ywOKUPDE+B9tnJ0Wdo+vb8XpsHQtdi E=;
X-IPAS-Result: A0ADAAD7/rJjmJNdJa1QChoBAQEBAQEBAQEBAwEBAQESAQEBAQICAQEBAUCBOwUBAQEBCwGBKTFSgQUCWTpFiBoDhFBfiCEDiWyBUYVJiweBLBSBEQNWDwEBAQ0BATsJBAEBhQUChRACJTQJDgECBAEBAQEDAgMBAQEBAQEDAQEFAQEBAgEHBBQBAQEBAQEBAR4ZBQ4QJ4VoDYZWAQEBAQECDAYIAQwZAQElBwsBDwIBCBEDAQIhAQYHIREUCQgCBAENBQgaglwBghZYAzEDAQ+iQgGBPwKKH3iBATOBAYIIAQEGBASBOAGbEg2CRgmBQAGHNwMeWFyDToRGAiccgg2BFAFDgWaBAT6CIEIBAQEBgSABBAQBBwsBCRoeBgcJg1qCLoENgn6NSodFCoE9fYEnDmYHNgNEHUADCzsyCkAUIQYFDEsrGhsHgQoqCR8VAwQEAwIGEwMgAg0oMRQEKRMNJyZrCQIDImEFAwMEKC0JIAQcBxURJjwHVhImBAMCDx83BgMJAwIfUXslJAUDCxUqRwQINgUGHDYSAggPEg8GJkMOQjc2EwZcASoLDhMDUIFPBC85C4EZCgIEKSiaboEuEAEUTCsTJgQNFQUBBwMfAQEiJAgCMBABB0IFIwEFCwEYDgM6jGOFJRQaDimCWwGKd0eKcoJmkkoJPm8Kg26KMYEijgKBBIYjFoN5SYEIgiWIZAOGZYYviBSCSF6XRiCCK4gmglWDapBnKQQDDAMKA4RyAgQCBAUCDgEBBoFiOmtwcBUaIYIzATMJSRkPjX4iDQwJFYEVgiaFFIVKdQIBATcCBwsBAQMJhkyCfiyBTl8BAQ
IronPort-PHdr: A9a23:EjfPiBaIV7nK74Et/FWIZcX/LTAphN3EVzX9orIriLNLJ6Kk+Zmqf EnS/u5kg1KBW4LHo+lFhOzbv+GFOyQA7J+NvWpEfMlKUBkI2skTlhYrVciCD0CzJfX2bis8S cJFUlIt/3yyPUVPXsjkYFiHqXyp5jlUERL6ZmJI
IronPort-Data: A9a23:Lkl4+akN+B4KlfVQQNqfQqPo5gw+JkRdPkR7XQ2eYbSJt1+Wr1Gzt xJNDWCPbq2Majfwf9t1PIy/p0sCsMWEm98xHFQ+pXswRFtH+JHPbTi7wugcHM8zwunrFh8PA xA2M4GYRCwMZiaA4E/raNANlFEkvU2ybuKU5NXsZ2YgG2eIdA970Ug4w7dh2NYx6TSEK1rlV e3a8pW31GCNg1aYAkpMg05UgEoy1BhakGpwUm0WPZinjneH/5UmJM53yZWKEpfNatI88thW6 Ar05OrREmvxp3/BAz4++1rxWhVirrX6ZWBihpfKMkSvqkAqm8A87ko0HKInW2MJki6Eo/1o9 cVBpJaPZVgqLKKZzYzxUzEAe81/FbdN9LmCKn+lvInKlgvNcmDnxLNlC0Re0Y8wo7ksRzoRs 61DbmlRMXhvhMruqF6/YuBni8kLJ8jwN4RZsXZlpd3cJa93G8ufGfuTjTNe9G9ogf5MPa+EX eUmODNdUUidbDJdYn5CXfrSm8/x1iWgLFW0smm9rKE67i7SwRB/+LfoOdvRPNeNQK19l1uEp j6W9n7yAhAEOfSFxzHA/36tmujV2yThV+o6FrKj3vx3hlyLy3ZVDhAKPXO/uuP8gU63WshEA 00Z5iRoqrI9nGSvVcO4VhGjiH+JohBaXMBfe8U24QeMx6785AKVCm8LCDVGLsEl3OczTCUry 1GAmdywLTxyuaKYSDSW8bL8hTmzPSxTMnIqZTINUgYEpdLkpekbghPCQdElCuixicX4Cxnsz jSHoi84hr4ay8UM0s2T517Mxj+gp4TOVCYv6A6SU26k8gRjIom/aOSA5VjB8OgGLYuFQHGOu XEFn46V6+VmMH2WvDaGTONIF7az6rPcaXvXgEVkGN8q8DHFF2OfkZ54uApMABlwKcs4VCbUc EPCszx9u5xBMy7/BUNoWL6ZB8MvxKnmMN3qUPHIc9ZDCqRMmB+7EDJGPhHPgji8+KQ4ueRuZ sfBKJfE4WMyUPw/lFKLq/EhPajHLx3SKEvJTpz9ih+gy7fbPSfTQrYeO1zIZec8hE9lnOk32 4gFXydp40wPOAEbXsUx2dRDRbztBSNgba0aU+QNKoa+zvNOQQnN8cP5z7I7YJBClK9IjOrO9 XzVchYGlwCi1CKXc1rXMy0LhFbTsXBX8C5T0csEYAjA5pTfSd3HAFo3LsFuJuB3qISPM9YtF ahfEyl/Phi/Ym2Xp2tCBXUMhIdjbx+szRmfJDaoZSNXQnKTb1KhxzMQRSO2rHNmJnPu7aMW+ uT8viuFGsBrb1o5U67rhAeHkgnZUY41wrwiBiMl47B7JS3RzWSdA3ep16Zvcp1WdkSrK/nz/ 1/+PCr0bNLl++cdmOQlT4jdx2t1O4OSxnZnIlQ=
IronPort-HdrOrdr: A9a23:pqga5qsSF/jO8HXz54M0myXk7skCyIMji2hC6mlwRA09TyXGra 6TdaUguiMc1gx8ZJh5o6H9BEGBKUmskaKdkrNhQotKPTOW9VdASbsC0WKM+UyZJ8STzJ8+6U 4kSdkCNDSSNyk3sS+Z2njCLz9I+rDum8rE5Za8854ud3ARV0gK1XYfNu/vKDwOeOAwP+teKH Pz3LsjmxOQPVAsKuirDHgMWObO4/fRkoj9XBIADxk7rCGTkDKB8tfBYlel9yZbdwkK7aYp8G DDnQC8zL6kqeuHxhjV0HKWx4hKmeHm1sBICKW3+4Yow3TX+0eVjbZaKv6/VQMO0aOSAZER4Z zxSiIbToROArXqDyWISFXWqk7dOX0VmgHfIBej8AreSIrCNXQH4w4rv/MATvMfgHBQ5e2UmZ g7r16xpt5ZCwjNkz/64MWNXxZ2llCsqX5niuILiWdDOLFuIIO5gLZvin+9Kq1wVR7S+cQiCq 1jHcvc7PFZfReTaG3YpHBmxJipUm4oFhmLT0AesojNugIm1kxR3g8d3ogSj30A/JUyR91N4P nFKL1hkPVLQtUNZaxwCe8dSY+8C3DLQxjLLGWOSG6XX50vKjbIsdr68b817OaldNgBy4Yzgo 3IVBdCuWs7ayvVeLqzNV1wg2TwqUmGLEHQI5tllutEU5XHNcjWDRE=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="5.96,294,1665446400"; d="scan'208,217"; a="19234261"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 02 Jan 2023 16:05:10 +0000
Received: from mail.cisco.com (xfe-rcd-004.cisco.com [173.37.227.252]) by rcdn-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 302G5Akr019118 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Mon, 2 Jan 2023 16:05:10 GMT
Received: from xfe-rcd-003.cisco.com (173.37.227.251) by xfe-rcd-004.cisco.com (173.37.227.252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Mon, 2 Jan 2023 10:05:10 -0600
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-003.cisco.com (173.37.227.251) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Mon, 2 Jan 2023 10:05:10 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZN+SaBGkkub9jFqvQMC97n6qRqBsabIglPNIff+AX/RUObZ1NMb+3QHZIGZFb24ethJ2WQOANOpBOLwpg/g4w6ZlCJx0SIolmc10kdL4Ha8o8Jmn/dyo2rcRInSZ9PhGVHrJ4EJ5p+D5H9i+5Qnu5eWh7/x3GkK9YMHZETOCalDc7yWSLfEedi0hL0yQF+4k5scjGog3o36PwiiwYSlFluO7qNuJBGY6gKo0T32IqOpzRp9/LTgSUFuOrPqWJCjdviI/GV/qLARDmfjBX/fSiiuXXubpMfKzGJu7PyjU0KqDsFGgz2wohn5uo1FoXom2pJeVmp9zxmu77awNFFS2uQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VLbtg8xGtV3fBAhPxcvsxojHRDq/l5hAOcvUqicR+lo=; b=cyr35MeCWLOQuLUBDu6+KLZ5vE5A+rHNaSLmsleAlfjXRWr/2E4aI/ZbjjjRioWR4cQ9HksN/Yg47i9pGKSXoEdPMdWXFxWI/N0z7IVDeTD27mwUbDKN4GecoAYojBqS+DcpEhEm8M4X147YsGTgOrfVRtEffOCdedTtmkR2Ye8c8YLjhunyqgLosPck/Ur2OlLNkPLdcTRDen1wWnIuitL+hHSs2i7IhZ3C9jQRy07rW7Sr3jZuO5LDNN7Dq47jfQk5WBLwsNzgikiqUpsno0HCYVA/WN3oRlixYq7bn1weoKkiOg9MScfjkeyrtw4Avr9U1H/0DN6HRQPp5MnvgQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VLbtg8xGtV3fBAhPxcvsxojHRDq/l5hAOcvUqicR+lo=; b=IhhoE62ZOJmry5Zlc610C6l4OgVtsM/AbvxEdw3hs+nzO+YQ6Y2XeY9sEdZn6cLx9elDR9cbxLE2Xn/dzxHsOPaH9aDCIgJ4reJ8utqDQYZ2IkQLYtuT3uY+GRq1KAZ9LlIAazGav5PeT5fmLCMBU586Qfjgir2Tb8ntlrukiis=
Received: from BYAPR11MB2757.namprd11.prod.outlook.com (2603:10b6:a02:cb::16) by SJ0PR11MB5168.namprd11.prod.outlook.com (2603:10b6:a03:2dc::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5944.19; Mon, 2 Jan 2023 16:05:08 +0000
Received: from BYAPR11MB2757.namprd11.prod.outlook.com ([fe80::44c4:7808:377e:2cf6]) by BYAPR11MB2757.namprd11.prod.outlook.com ([fe80::44c4:7808:377e:2cf6%4]) with mapi id 15.20.5944.019; Mon, 2 Jan 2023 16:05:08 +0000
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Dhruv Dhody <dhruv.ietf@gmail.com>, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>
CC: "diego.r.lopez@telefonica.com" <diego.r.lopez@telefonica.com>, "bill.wu@huawei.com" <bill.wu@huawei.com>, "maqiufang1@huawei.com" <maqiufang1@huawei.com>, "daniel@olddog.co.uk" <daniel@olddog.co.uk>, "lsr-ads@ietf.org" <lsr-ads@ietf.org>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, "jgs@juniper.net" <jgs@juniper.net>, "auth48archive@rfc-editor.org" <auth48archive@rfc-editor.org>, "acee.ietf@gmail.com" <acee.ietf@gmail.com>
Thread-Topic: AUTH48: RFC-to-be 9353 <draft-ietf-lsr-pce-discovery-security-support-13> for your review
Thread-Index: AQHZFwsF4aSCw3cjPEOqU35RdmTab66KlyIAgAC9YNo=
Date: Mon, 02 Jan 2023 16:05:08 +0000
Message-ID: <BYAPR11MB2757904738A9DC7FE33DEAD4C2F79@BYAPR11MB2757.namprd11.prod.outlook.com>
References: <20221223201319.9E5A6C8AE2@rfcpa.amsl.com> <CAB75xn7-_=h0Vo81gSt5dHKnZzGHP_dtaw02QcpNJm42Mo5aTw@mail.gmail.com>
In-Reply-To: <CAB75xn7-_=h0Vo81gSt5dHKnZzGHP_dtaw02QcpNJm42Mo5aTw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BYAPR11MB2757:EE_|SJ0PR11MB5168:EE_
x-ms-office365-filtering-correlation-id: d6c82b4b-21f1-43c7-a205-08daecdb1e94
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: oR+FAqlBLITWZkYyVh5hwF7Fp/LQcZQA01sd9f4VMFVmqNtriUvuvVZOp9SVNAUJrUMYOikUQ/PCHOrb1N4bMWj3zxPuzQ5MoMJTpW76KreYONd/PCN3T6tYxNJEbr/GyL2Wx93MfRjBQ18n1dSZc41GoH1OC1HVu7p77kjYrCO57844zWGh4BHDvycbnqtf+K+Jo8MIuzfy9gU+OcQywGgiDf7zkxYYDkTfr0pmw5bw7H9GF51znzZsfX5mfZ/bzuw36zBKrWWaivvwbY4bqVl6uS6Bpxz0YPvdo6QIagKALOL7DwII6wYEN3JHpPNXqK9P0hL7SzAe9LJMUYHRQVodPLjN4JXzn68sBOwiKw0pRyMvAUlCXm4pigiJIzKaVdHK5oXYb8DPlQHt2SN2snz2+ZTzXySEhZZXzoz/9q840aozJYUcOz4YmgLkAYXBtf4WxDKDQLUuGVah523dssdeCfctZXiKjScb6YzbIeEy2Ivz7zK5nPSYrmBgwCTBYyy6Dt/472KzaagkBPHqkGoH4izIA+HVfmaPY17ujK992mjuCMBve4OkEOI4TKGTbTg7h407WXrM6NKv+LLx+EppcstVg0Pv/9mkvWAZFt4N2qcGS5Se1PRdVa87zVoPhWGs2yr6UyemUlEHE+tOZ0PNQodtuuLnz5l6W10gwBOo1igw0i0LBQP55ihxI3lBgvsQIidbsD/MEy+AfTiFGwcbJ97HgeDl6jLBS8BhFSV5lVgoNE/aA92rYp2OUB6xY9Ksv8cKXIvGPqw5N0jLo5wa3l7egVd4FIXLrKtlz9I=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB2757.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(396003)(376002)(136003)(39860400002)(346002)(366004)(451199015)(7416002)(5660300002)(2906002)(30864003)(21615005)(8936002)(52536014)(41300700001)(8676002)(4326008)(66899015)(15650500001)(76116006)(316002)(66476007)(66946007)(66556008)(64756008)(66446008)(91956017)(54906003)(110136005)(71200400001)(966005)(478600001)(53546011)(9686003)(186003)(26005)(55016003)(33656002)(7696005)(6506007)(83380400001)(66574015)(166002)(38100700002)(122000001)(86362001)(38070700005)(22166006)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: IAgBLHuL8yQyfkox5RI/EicWzUtAOiCcV3tZMpsV4NcsqBUOZUToi3mx6MY6SYwOJFNLtYKwwS9OQPY++xXTG10Q7pMyWEA6Fmt9QVg1WQgo268eBo4cSP9tS/nybDZrXpOlzcc6RXpQzpLCe27S0ybeIRm+VmMHom6XZGIVyAmqVWWw7IpRusCwbKOrQWSHVrCIMg/oV+4LLAhTVdVWtVUgU5isHgXu+puaJouklnrGaf9YKom1csjQim4rSNQHMHCR/aib17kgxU+nJdSf+mA/5TiyfoosD1u0jJRfUu0STgfIgt0mKHaJHhbciD6PsPN/4lbbOFW2pxUXQ0FZf8AyXwQhHHM9ltYSesI8+vNfouG2Va6KAJIY96ki4DdaG+oT7fMRmjEsBg87ilqBacnZFaIXFY6UUEB1RpPhmUd4sZY9nbMhLqsGw7+3+EYUF8bTFk0G6GTKGZN7cNet9eCE9yNu1jj01sP5EoklWdFTXwN6sjsj6cJbJQu414/h3/jShtjrVl1ummyKHfBTIVMTJfBSPjVUQXLRAMpMoyV3yBXYTkDBF53lo/0gTFeW8s+G0ggMxGTX23F0u0z4wy+klkz/4ieQ0GaxDs1pyVrP+4zCUDiaWhRpLN0CubV1g8OlhA1Of0Ig0QoepdB+mgHlot0XsLpNqY/Wd3UwB14DRyo1Q4Gun5hOSrReSfZqlbuM1EHQe4OCJIyOJt75jwJ3+C0Otjg4wlolAvRoX36o/ks42y8T3JYKUCqm/hV8h1jzPIuAGiywh3GN+kX6mKsvjWNYNM7VVdsEvuX2gx9DazqxPs2aaJArOm60gl6oS9pPjPpnsDckJ2y1eDjL7qxzkC6qCjRW99sTZiP0IwnMpcRLubWfQDdZ8dfM0RgULg1p8UckDB5xNBbPlq2NuVjpSHRBLr6yeYKzXC0Rxwiv9LIkKhVQX0PiMuguOaG61FqNAs5jPOMKazDOmg/fWMuhj4x6gRaWRiMOfegGPe2Fz7dvoqq96XXff+bmkUfCtAJYJr2uh/pkAhJ7s2STzHNudMRc2mWBoe6B7F4/Mla0zrWwjGHhJ2PzuJfKLnd8nFpi/Pv3JUABA/yOxbteXIXdUX7heNS0iPOs+SUxUrcEGpvhSkQ2/02DY5GxahbaYdA/94YQjc6ydlyy0N1DwYQ0iGFC8GaccRdaJ8D4z75lwrpGwisjGrQfCDtRYT0SPSRgPK7u7hdCrIAF0Y3VFFdlz4lc1VO33KVJV030CLwN8G8rwYTXWrNL5l8hKHV1xWFu+T+rfVS97DyRQvIT8Atqm1EWHT/euO28zeUDA5zU0bCXDBoqO5CvllFcSimrqwibV2ytuK9z+z4JgehBCg0U9lOmkTpIhV5z1RAmdjBU7bsJ9QD91axvemTu6LgqtMQ9hr91vR9bMrvqXPZIBHmzLS6elOxNShBdbf4fx+loOfRTr2Z1Q8rmoZf9+Nl7L6NB4O12nDhwKCbSqhYSGLM2fvxZ3KOWvyLYNPsUg01Zx+SyNwGd48BetPz5na/0zhio3qDqA21gQBIhWGLPORkwU6u7/Nyxx+kMS9g2cQwHbz7smvI7z0y3Ke3xIcMV
Content-Type: multipart/alternative; boundary="_000_BYAPR11MB2757904738A9DC7FE33DEAD4C2F79BYAPR11MB2757namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2757.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d6c82b4b-21f1-43c7-a205-08daecdb1e94
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jan 2023 16:05:08.0771 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jHDgDTxdZ4NeJ/hpSG0ednZnSHCAG4pXC77alR+UeZZ3UpCoTF1JVeSqSIlg5/+w
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB5168
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.227.252, xfe-rcd-004.cisco.com
X-Outbound-Node: rcdn-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/91pv4RYb29nLkMTo6yvDNu2mlbE>
Subject: Re: [auth48] AUTH48: RFC-to-be 9353 <draft-ietf-lsr-pce-discovery-security-support-13> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jan 2023 16:05:18 -0000

Hi RFC Editor, Dhruv,

I concur with Dhruv on thanking the RFC Editors for the excellent work!!!

See a couple inlines.

From: Dhruv Dhody <dhruv.ietf@gmail.com>
Date: Sunday, January 1, 2023 at 11:28 PM
To: rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org>
Cc: diego.r.lopez@telefonica.com <diego.r.lopez@telefonica.com>, bill.wu@huawei.com <bill.wu@huawei.com>, maqiufang1@huawei.com <maqiufang1@huawei.com>, daniel@olddog.co.uk <daniel@olddog.co.uk>, lsr-ads@ietf.org <lsr-ads@ietf.org>, lsr-chairs@ietf.org <lsr-chairs@ietf.org>, Acee Lindem (acee) <acee@cisco.com>, jgs@juniper.net <jgs@juniper.net>, auth48archive@rfc-editor.org <auth48archive@rfc-editor.org>
Subject: Re: AUTH48: RFC-to-be 9353 <draft-ietf-lsr-pce-discovery-security-support-13> for your review
Hello,

Happy New Year! Thanks for making the document better with your excellent work. See inline...

On Sat, Dec 24, 2022 at 1:43 AM <rfc-editor@rfc-editor.org<mailto:rfc-editor@rfc-editor.org>> wrote:
Authors,

While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file.

1) <!-- [rfced] Please note that the title of the document has been updated as follows:

a) Abbreviations have been expanded per Section 3.6 of RFC 7322 (“RFC
Style Guide”). Please review.

Original:
IGP extension for PCEP security capability support in PCE discovery

Current:
IGP Extension for Path Computation Element Communication Protocol
(PCEP) Security Capability Support in PCE Discovery (PCED)

Dhruv: This is fine.



b) The short title (in the running header of the PDF version) has been updated.  Please review and let us know any objections.

Current:
IGP Extension: PCEP Security in PCED
-->

Dhruv: No objection.



2) <!-- [rfced] Please insert any keywords (beyond those that appear in
the title) for use on https://www.rfc-editor.org/search. -->


Dhruv: Can't think of any other keywords


3) <!-- [rfced]  Please review our suggested rephrase of the following text. Does it retain your intended meaning?

Original:
When a Path Computation Element (PCE) is a Label Switching Router
(LSR) participating in the Interior Gateway Protocol (IGP), or even a server participating in the IGP, its presence and path computation capabilities can be advertised using IGP flooding.

Perhaps:
When a Path Computation Element (PCE) is a Label Switching Router
(LSR) or a server participating in the Interior Gateway Protocol (IGP), its
presence and path computation capabilities can be advertised using IGP
flooding. -->

Dhruv: I am happy with the rephrasing.



4) <!--[rfced] Please review the updates we have made to the following
     text (to avoid awkward hyphenation) to ensure the changes have
     retained your intended meaning.

Original:
As described in [RFC5440], Path Computation Element Communication
Protocol (PCEP) communication privacy and integrity are important
issues, as an attacker that intercepts a PCEP message could obtain
sensitive information related to computed paths and resources.

Current:
As described in RFC 5440, privacy and
integrity are important issues for communication using the Path
Computation Element Communication Protocol (PCEP); an attacker that
intercepts a PCEP message could obtain sensitive information related
to computed paths and resources.

-->

Dhruv: It is fine; just s/RFC 5440/[RFC5440]/ and I noticed that in the link that is exactly what you have already :)



5) <!-- [rfced] We have updated this sentence to include TCP-AO as a
     method to advertise PCEP security to make the text parallel to
     the Abstract. Please let us know any objections.

Original:
[RFC5088] and [RFC5089] define a method to advertise path computation
capabilities using IGP flooding for OSPF and IS-IS respectively.
However, these specifications lack a method to advertise PCEP security
(e.g., TLS) support capability.

Current:
[RFC5088] and [RFC5089] define a method to advertise path computation
capabilities using IGP flooding for OSPF and IS-IS, respectively.
However, these specifications lack a method to advertise PCEP security
(e.g., TLS and TCP-AO) support capability. -->


Dhruv: Sure!


6) <!--[rfced] Is text missing here?  "...the IS-IS" what?  Protocol?
     Sub-TLVs?  Please clarify.

Original:
[RFC5089] states that the IS-IS uses the same registry as OSPF.
-->

Dhruv: Perhaps -

[RFC5089] states that the IS-IS PCE-CAP-FLAGS sub-TLV uses the
same registry as OSPF.

Dhruv’s suggested text is fine.



7) <!--[rfced] Please review the following text for clarity.  We were
     unsure about the last sentence when comparing it with the IANA
     actions in the IANA Considerations section and RFC 8306.  If the
     suggested text is incorrect, please provide another rephrasing.

Original:
This document updates [RFC8306] where it uses the term "OSPF PCE
Capability Flag" and request assignment from OSPF Parameters registry
with "PCE Capability Flag" and the IGP Parameters registry.

Perhaps:
This document also updates [RFC8306] by changing the term "OSPF PCE
Capability Flag" to read as "Path Computation Element (PCE) Capability
Flags" and to note the corresponding registry now exits in the

"Interior Gateway Protocol (IGP) Parameters" registry.
-->

Dhruv: Happy with the rephrasing!

Please change “exits” to “exists”.



8) <!--[rfced] Please review whether any of the notes in this document
     should be in the <aside> element. It is defined as "a container
     for content that is semantically less important or tangential to
     the content that surrounds it"
     (https://authors.ietf.org/en/rfcxml-vocabulary#aside).

Original (1):
Note that [RFC5557] uses the term "OSPF registry" instead of the "IGP
registry" whereas [RFC8623] and [RFC9168] uses the term "OSPF
Parameters" instead of "IGP Parameters".

Original (2):
Note that the PCEP Open message exchange is another way to discover
PCE capabilities information, but in this instance, the TCP security
related key parameters need to be known before the PCEP session is
established and the PCEP Open messages are exchanged.  Thus, the use
of the PCE Discovery and capabilities advertisement of the IGP needs
to be leveraged. -->

Dhruv: Happy to use <aside> element in the xml!



9) <!--[rfced] The Web Portion of the RFC Style Guide
     (https://www.rfc-editor.org/styleguide/part2/) recommends using
     the abbreviated form of an abbreviation after it has been
     introduced. We will implement this style for each of the
     following abbreviations unless we hear objection.

PCE Discovery (PCED)
TCP Authentication Option (TCP-AO)
Master Key Tuple (MKT) -->

Dhruv: No objection



10) <!--[rfced] The following text is difficult to follow with regard to subject/verb agreement.  Would either of the following suggestions work?

Original:
Thus, the use of the PCE discovery and capabilities
advertisement of the IGP needs to be leveraged.

Perhaps A:
Thus, PCE discovery and capabilities
advertisement of the IGP need to be leveraged.

Perhaps B:
Thus, the leveraging of PCE discovery and capabilities
advertisement of the IGP is necessary.
-->

Dhruv: A is fine with me!

I’d suggest:
     Thus, the IGP advertisement and flooding mechanisms need to be
     leveraged for PCE discovery and capabilities advertisement.

However, I don’t feel that strongly and would be happy with A.



11) <!--[rfced] We have received guidance from Benoit Claise and the YANG
Doctors that "YANG module" and "YANG data model" are preferred.
We have updated the text to use these forms.  Please review.

Original:
The YANG model for PCEP [I-D.ietf-pce-pcep-yang] supports PCEP
security parameters (key, key chain, and TLS).

Current:
The YANG module for PCEP [I-D.ietf-pce-pcep-yang] supports PCEP
security parameters (key, key chain, and TLS). -->


Dhruv: Ack


12) <!--[rfced] We suggest rephrasing this sentence for the ease of the
     reader. Does the following suggestion retain your intended
     meaning?

Original:
Thus, before advertising the PCEP security parameters, using the
mechanism described in this document, the IGP MUST be known to provide
authentication and integrity for the PCED TLV using the mechanisms
defined in [RFC5304], [RFC5310] or [RFC5709].

Perhaps:
Thus, before advertising the PCEP security parameters by using the
mechanism described in this document, the IGP MUST be known to provide
authentication and integrity for the PCED TLV using the mechanisms
defined in [RFC5304], [RFC5310], or [RFC5709]. -->


Dhruv: It does! Happy with the rephrase!


13) <!--[rfced] Should the title change for the following IANA registry?
     We note that RFC 5086 expanded PCED on first use and capped
     "sub-" when in a title.  If these changes are agreeable, we will
     communicate them to IANA during AUTH48 and update the text of
     this document accordingly.  See:
     https://www.iana.org/assignments/igp-parameters/igp-parameters.xhtml:

Current:
PCED sub-TLV Type Indicator

Perhaps:
PCE Discovery (PCED) Sub-TLV Type Indicator

>From RFC 5089:
   This document defines a new sub-TLV (named the PCE Discovery (PCED))
   to be carried within the IS-IS Router Capability TLV ([RFC4971]).
-->

Dhruv: Happy with the change!



14) <!-- [rfced] RFC 2385 has been obsoleted by RFC 5925. Would the following update be agreeable?  We note that RFC 5925 is already in the References section.

Original:
   As described in Section 10.2 of [RFC5440], an PCEP speaker MUST
   support TCP MD5 [RFC2385], so no capability advertisement is needed
   to indicate support.

Perhaps:
   As described in Section 10.2 of [RFC5440], an PCEP speaker MUST
   support TCP MD5 [RFC2385], so no capability advertisement is needed
   to indicate support.  (Note that RFC 2385 has been obsoleted by RFC
   5925.)
-->

Dhruv: I think the reference RFC2385 itself needs to change. I see two option, we could either -

A: Not using any reference, I see published RFCs which include the term "MD5" without a reference as it is quite well-known.
B: Use the reference as RFC 1321 (can also say that is obsoleted by RFC 5925)

I think it should be “a PCEP speaker” rather than “an PCEP speaker since neither “P” or “Path” would be preceded by “an”.
I don’t feel strongly about the reference – FBOW MD5 is deployed. Either option is fine with me stating that it has been
obsoleted.

I would like to know the opinion of the RFC editor team and others in CC!





15) <!-- [rfced] Would you like the references to be alphabetized
or left in their current order?-->

Dhruv: Please alphabetize them.

16) <!-- [rfced] We note that the URL provided for the reference below
     goes to a page titled "Unicode Security Considerations" instead
     of "Character Encoding Model". Please let us know how we should
     update this reference.

Original:
   [UTR36]    Davis, M., "Unicode Technical Report #36, Character
              Encoding Model",
              UTR17 https://www.unicode.org/unicode/reports/tr36/,
              February 2005. -->


Dhruv: Thanks for spotting this! Please correct this to ->

Davis, M., Ed. and M. Suignard, Ed., "Unicode Security Considerations", Unicode Technical Report #36, August 2010, <http://unicode.org/reports/tr36/<https://unicode.org/reports/tr36/>>.

This is what I see in RFC 9003.


17) <!-- [rfced] We had the following questions related to terminology use
     throughout the document:

a) We see the following variations with regard to spacing,
hyphenation, and capping. Please review occurrences and let us know
if/how these may be made consistent.

key-chain vs. keychain vs. key chain

Dhruv: key chain

Agreed. This is consistent with RFC 8177.

Thanks,
Acee



key-chain name vs. Key Chain Name vs. keychain name

Dhruv: key chain name (and capitalize based on context)

Also in section 3.3.1, the field name "Key Name" should be "Key Chain Name" to align with 3.3.2


Note we see both Key Chain Name sub-TLV and KEY-CHAIN-NAME sub-TLV as well.

Dhruv: Use KEY-CHAIN-NAME sub-TLV


b) We see the following mixed use of KeyID and Key ID (spacing).  May
these be made uniform?  If so, how may we update?

...[RFC5925] (referred to as KeyID).
vs.
KeyID: The one octet Key ID as per [RFC5925]
(Note: we assume KEY-ID sub-TLV should remain as is).
-->

Dhruv: My preference is for KeyID and yes when referring to sub-TLV it should be KEY-ID sub-TLV.



18) <!-- [rfced] Please review the "Inclusive Language" portion of the online Style Guide
<https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let
us know if any changes are needed. For example, please consider whether
the term "Master Key Tuple (MKT)" should be updated.

Original:
KeyID: The one octet Key ID as per [RFC5925] to uniquely identify
the Master Key Tuple (MKT). -->


Dhruv: No change is needed.

Thanks!
Dhruv


Thank you.

RFC Editor/mc/mf

*****IMPORTANT*****

Updated 2022/12/23

RFC Author(s):
--------------

Instructions for Completing AUTH48

Your document has now entered AUTH48.  Once it has been reviewed and
approved by you and all coauthors, it will be published as an RFC.
If an author is no longer available, there are several remedies
available as listed in the FAQ (https://www.rfc-editor.org/faq/).

You and you coauthors are responsible for engaging other parties
(e.g., Contributors or Working Group) as necessary before providing
your approval.

Planning your review
---------------------

Please review the following aspects of your document:

*  RFC Editor questions

   Please review and resolve any questions raised by the RFC Editor
   that have been included in the XML file as comments marked as
   follows:

   <!-- [rfced] ... -->

   These questions will also be sent in a subsequent email.

*  Changes submitted by coauthors

   Please ensure that you review any changes submitted by your
   coauthors.  We assume that if you do not speak up that you
   agree to changes submitted by your coauthors.

*  Content

   Please review the full content of the document, as this cannot
   change once the RFC is published.  Please pay particular attention to:
   - IANA considerations updates (if applicable)
   - contact information
   - references

*  Copyright notices and legends

   Please review the copyright notice and legends as defined in
   RFC 5378 and the Trust Legal Provisions
   (TLP – https://trustee.ietf.org/license-info/).

*  Semantic markup

   Please review the markup in the XML file to ensure that elements of
   content are correctly tagged.  For example, ensure that <sourcecode>
   and <artwork> are set correctly.  See details at
   <https://authors.ietf.org/rfcxml-vocabulary>.

*  Formatted output

   Please review the PDF, HTML, and TXT files to ensure that the
   formatted output, as generated from the markup in the XML file, is
   reasonable.  Please note that the TXT will have formatting
   limitations compared to the PDF and HTML.


Submitting changes
------------------

To submit changes, please reply to this email using ‘REPLY ALL’ as all
the parties CCed on this message need to see your changes. The parties
include:

   *  your coauthors

   *  rfc-editor@rfc-editor.org<mailto:rfc-editor@rfc-editor.org> (the RPC team)

   *  other document participants, depending on the stream (e.g.,
      IETF Stream participants are your working group chairs, the
      responsible ADs, and the document shepherd).

   *  auth48archive@rfc-editor.org<mailto:auth48archive@rfc-editor.org>, which is a new archival mailing list
      to preserve AUTH48 conversations; it is not an active discussion
      list:

     *  More info:
        https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc

     *  The archive itself:
        https://mailarchive.ietf.org/arch/browse/auth48archive/

     *  Note: If only absolutely necessary, you may temporarily opt out
        of the archiving of messages (e.g., to discuss a sensitive matter).
        If needed, please add a note at the top of the message that you
        have dropped the address. When the discussion is concluded,
        auth48archive@rfc-editor.org<mailto:auth48archive@rfc-editor.org> will be re-added to the CC list and
        its addition will be noted at the top of the message.

You may submit your changes in one of two ways:

An update to the provided XML file
 — OR —
An explicit list of changes in this format

Section # (or indicate Global)

OLD:
old text

NEW:
new text

You do not need to reply with both an updated XML file and an explicit
list of changes, as either form is sufficient.

We will ask a stream manager to review and approve any changes that seem
beyond editorial in nature, e.g., addition of new text, deletion of text,
and technical changes.  Information about stream managers can be found in
the FAQ.  Editorial changes do not require approval from a stream manager.


Approving for publication
--------------------------

To approve your RFC for publication, please reply to this email stating
that you approve this RFC for publication.  Please use ‘REPLY ALL’,
as all the parties CCed on this message need to see your approval.


Files
-----

The files are available here:
   https://www.rfc-editor.org/authors/rfc9353.xml
   https://www.rfc-editor.org/authors/rfc9353.html
   https://www.rfc-editor.org/authors/rfc9353.pdf
   https://www.rfc-editor.org/authors/rfc9353.txt

Diff file of the text:
   https://www.rfc-editor.org/authors/rfc9353-diff.html
   https://www.rfc-editor.org/authors/rfc9353-rfcdiff.html (side by side)

Diff of the XML:
   https://www.rfc-editor.org/authors/rfc9353-xmldiff1.html

The following files are provided to facilitate creation of your own
diff files of the XML.

Initial XMLv3 created using XMLv2 as input:
   https://www.rfc-editor.org/authors/rfc9353.original.v2v3.xml

XMLv3 file that is a best effort to capture v3-related format updates
only:
   https://www.rfc-editor.org/authors/rfc9353.form.xml


Tracking progress
-----------------

The details of the AUTH48 status of your document are here:
   https://www.rfc-editor.org/auth48/rfc9353

Please let us know if you have any questions.

Thank you for your cooperation,

RFC Editor

--------------------------------------
RFC9353 (draft-ietf-lsr-pce-discovery-security-support-13)

Title            : IGP extension for PCEP security capability support in PCE discovery
Author(s)        : D. Lopez, Q. Wu, D. Dhody, Q. Ma, D. King
WG Chair(s)      : Acee Lindem, Christian Hopps
Area Director(s) : Alvaro Retana, John Scudder, Andrew Alston

v2.23.0 | Report a Bug | By Email