Re: [karp] Proposal on securing PCEP by means of TLS
Qin Wu <bill.wu@huawei.com> Wed, 24 July 2013 04:50 UTC
From: Qin Wu <bill.wu@huawei.com>
To: "Diego R. Lopez" <diego@tid.es>, "pce@ietf.org" <pce@ietf.org>
Date: Wed, 24 Jul 2013 04:49:18 +0000
Cc: "karp@ietf.org" <karp@ietf.org>
Subject: Re: [karp] Proposal on securing PCEP by means of TLS

Hi, Diego:

Very interesting draft. TLS seems to bring more benefit for key management. Would it be good to discuss securing PCEP by TCP-AO as well, since TCP-MD5 has been obsoleted by TCP-AO? Also, it is better to discuss how TLS/TCP can be used to deal with the vulnerability concerns raised in RFC5440.

Another comment is: when both PCC and PCE support both TLS/TCP and TCP, how does the PCC select the transport protocol? Is TCP mandatory, or are both mandatory? Does it rely on manual configuration or dynamic discovery?

Regards!
-Qin
(Sorry for the duplicate message if you received it before, since it looks like this email was sent before and unfortunately filtered out.)

-----Original Message-----
From: pce-bounces@ietf.org [mailto:pce-bounces@ietf.org] On Behalf Of Diego R. Lopez
Sent: Saturday, July 13, 2013 7:55 PM
To: pce@ietf.org
Cc: karp@ietf.org
Subject: [Pce] Proposal on securing PCEP by means of TLS

Hi,

Oscar and I have prepared a draft on applying TLS to PCEP security:

8<---
Filename: draft-lopez-pcp-pceps
Revision: 00
Title: Secure Transport for PCEP
Creation date: 2013-07-10
Group: Individual Submission
Number of pages: 8
URL: http://www.ietf.org/internet-drafts/draft-lopez-pcp-pceps-00.txt
Status: http://datatracker.ietf.org/doc/draft-lopez-pcp-pceps
Htmlized: http://tools.ietf.org/html/draft-lopez-pcp-pceps-00

Abstract:
The Path Computation Element Communication Protocol (PCEP) defines the mechanisms for the communication between a client and a PCE, or among PCEs. This document describes the usage of Transport Layer Security to enhance PCEP security, hence the PCEPS acronym proposed for it. The additional security mechanisms are provided by the transport protocol supporting PCEP, and therefore they do not affect its flexibility and extensibility.
8<---

Comments and contributions will be extremely welcome. As you can expect, we'd like to have the opportunity to present and discuss it in Berlin.

Be goode

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego@tid.es
Tel: +34 913 129 041
Mobile: +34 682 051 091
-----------------------------------------