Re: [karp] Proposal on securing PCEP by means of TLS

Qin Wu <> Wed, 24 July 2013 04:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6E02C21F9F44; Tue, 23 Jul 2013 21:50:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Owzc6NnuDA+P; Tue, 23 Jul 2013 21:50:12 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id E926E21F9D02; Tue, 23 Jul 2013 21:50:10 -0700 (PDT)
Received: from (EHLO ([]) by (MOS 4.3.5-GA FastPath queued) with ESMTP id AVJ10383; Wed, 24 Jul 2013 04:50:08 +0000 (GMT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.1.323.7; Wed, 24 Jul 2013 05:48:29 +0100
Received: from ( by ( with Microsoft SMTP Server (TLS) id 14.1.323.7; Wed, 24 Jul 2013 05:49:24 +0100
Received: from ([]) by ([]) with mapi id 14.01.0323.007; Wed, 24 Jul 2013 12:49:19 +0800
From: Qin Wu <>
To: "Diego R. Lopez" <>, "" <>
Thread-Topic: Proposal on securing PCEP by means of TLS
Thread-Index: AQHOf7+uXh4JtZqUPkOFzvaC0qiQVJlzUhSw
Date: Wed, 24 Jul 2013 04:49:18 +0000
Message-ID: <>
References: <E6D8B95470ED0845B3376F61DCAB1A049CD150B8@EX10-MB2-MAD.hi.inet>
In-Reply-To: <E6D8B95470ED0845B3376F61DCAB1A049CD150B8@EX10-MB2-MAD.hi.inet>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
x-originating-ip: []
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: "" <>
Subject: Re: [karp] Proposal on securing PCEP by means of TLS
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion list for key management for routing and transport protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Jul 2013 04:50:16 -0000

Very interesting draft. TLS seems to bring more benefit for key management.

Would it be good to discuss securing PCEP by TCP-AO as well since TCP-MD5 has been obsoleted by TCP-AO?

Also it is better to discuss how TLS/TCP can be used to deal with Vulnerabilities concerns raised in RFC5440.

Another comment is when both PCC and PCE support both TLS/TCP and TCP, how does PCC select transport protocol? TCP is mandatory or both are mandatory? Does it rely on manual configuration or dynamic discovery?

(sorry for duplicate message if you received before since It looks this email was sent before and unfortunately filtered out)
-----Original Message-----
From: [] On Behalf Of Diego R. Lopez
Sent: Saturday, July 13, 2013 7:55 PM
Subject: [Pce] Proposal on securing PCEP by means of TLS


Oscar and I have prepared a draft on applying TLS to PCEP security:

Filename:        draft-lopez-pcp-pceps
Revision:        00
Title:           Secure Transport for PCEP
Creation date:   2013-07-10
Group:           Individual Submission
Number of pages: 8

  The Path Computation Element Communication Protocol (PCEP) defines
  the mechanisms for the communication between a client and a PCE, or
  among PCEs.  This document describe the usage of Transport Layer
  Security to enhance PCEP security, hence the PCEPS acronym proposed
  for it.  The additional security mechanisms are provided by the
  transport protocol supporting PCEP, and therefore they do not affect
  its flexibility and extensibility.


Comments and contributions will be extremely welcome.

As you can expect, we'd like to have the opportunity to present and discuss it in Berlin.

Be goode

"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D

Tel:    +34 913 129 041
Mobile: +34 682 051 091


Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at:
Pce mailing list