[Last-Call] Secdir last call review of draft-ietf-pce-vn-association

tirumal reddy <kondtir@gmail.com> Tue, 25 October 2022 12:26 UTC

From: tirumal reddy <kondtir@gmail.com>
Date: Tue, 25 Oct 2022 17:55:50 +0530
Message-ID: <CAFpG3gdYxDAsTi_5TTKQsjKpxBbHutVOcu3-biR=BMiGEjwKcw@mail.gmail.com>
To: secdir@ietf.org
Cc: draft-ietf-pce-vn-association.all@ietf.org, pce@ietf.org, last-call@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/2aTFsXmrUTg6Du0AmeKTyux7D9M>
Subject: [Last-Call] Secdir last call review of draft-ietf-pce-vn-association

Reviewer: Tirumaleswar Reddy
Review result: Ready with issues

I apologize for missing the deadline for this review.

This document relies on [RFC5440], [RFC8231], [RFC8281] and [RFC8697] for
security considerations. RFC5440 discusses the use of TCP-MD5 (obsoleted),
TCP Authentication Option and TLS 1.2. Further, RFC5440 refers to RFC7525
for TLS recommendations.

draft-ietf-pce-vn-association says use of TLS is recommended.

My comments below:

1. Any specific reason for using "SHOULD" instead of using "MUST" for
TLS? If TLS is not used in certain scenarios, how is a malicious PCEP
speaker detected?
2. Do you see any challenges encouraging the use of TLS 1.3?
3. You may want to make it clear that this document does not rely on
TCP-MD5.
4. If existing implementations are using TLS 1.2, I suggest referring to
the recommendations in draft-ietf-uta-rfc7525bis instead of RFC7525. Please
see Appendix A in draft-ietf-uta-rfc7525bis; it highlights the differences
with RFC7525.

Cheers,
-Tiru