Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt

"Acee Lindem (acee)" <acee@cisco.com> Sat, 22 June 2019 20:36 UTC

From: "Acee Lindem (acee)" <acee@cisco.com>
To: "draft-ietf-lsr-pce-discovery-security-support@ietf.org" <draft-ietf-lsr-pce-discovery-security-support@ietf.org>
CC: "lsr@ietf.org" <lsr@ietf.org>, "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
Thread-Topic: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt
Date: Sat, 22 Jun 2019 20:36:20 +0000
Message-ID: <B29B0EFC-89D3-48B0-A138-F5DB5C5733A4@cisco.com>
References: <155953350234.21547.271455258761348084@ietfa.amsl.com> <BYAPR11MB3638D2C9D9D5E8AC8174ADCFC1140@BYAPR11MB3638.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB3638D2C9D9D5E8AC8174ADCFC1140@BYAPR11MB3638.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/Bv2cJPAEcVoqT5Ywbnwm6Rq6E6U>

Authors - can you respond to Les' comments? 
Thanks,
Acee

On 6/3/19, 2:22 AM, "Lsr on behalf of Les Ginsberg (ginsberg)" <lsr-bounces@ietf.org on behalf of ginsberg@cisco.com> wrote:

    A few - somewhat tardy - concerns about this draft.
    
    1) During adoption call it was mentioned that PCE WG had not taken a position on this draft. Since I don't follow PCE WG (apologies) I need to ask - has that status changed??
    
    2) As discussed during the adoption call, the draft removes the restriction specified in RFC 5088/5089 of not allowing further PCE related advertisements in Router Capability TLV/Router Information LSA.
    Acee had mentioned that he thought this was no longer a concern because in RFC 7770 multiple OSPF Router Information LSA support was introduced. But this is really not relevant to the reason that the restriction was originally introduced.
    
    The restriction was introduced because of general concern that using IGPs to advertise information not directly relevant to the operation of the IGP as a routing protocol is sub-optimal and negatively impacts the performance of the primary IGP functions.
    
    I am aware that this is a line that has been crossed (in modest ways) more than once - and I am not categorically opposing the extensions proposed - but I do wonder if this is the most appropriate way to advertise the new attributes - particularly since this does not solve the general case - it only applies when the PCE is also an LSR. I think a broader discussion of this issue is warranted.
    
    3) If the draft goes forward in its current form, it updates RFC 5088/5089 in a significant way (the removal of restriction against additional PCE related IGP advertisements) - in which case I wonder if it would be better to write an RFC 5088/89 bis document rather than an extension document.
    
    And, BTW, do you know why the HTML version of the document has no table of contents?
    
       Les
    
    
    > -----Original Message-----
    > From: Lsr <lsr-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
    > Sent: Sunday, June 02, 2019 8:45 PM
    > To: i-d-announce@ietf.org
    > Cc: lsr@ietf.org
    > Subject: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt
    > 
    > 
    > A New Internet-Draft is available from the on-line Internet-Drafts directories.
    > This draft is a work item of the Link State Routing WG of the IETF.
    > 
    >         Title           : IGP extension for PCEP security capability support in the PCE discovery
    >         Authors         : Diego R. Lopez
    >                           Qin Wu
    >                           Dhruv Dhody
    >                           Michael Wang
    >                           Daniel King
    >         Filename        : draft-ietf-lsr-pce-discovery-security-support-01.txt
    >         Pages           : 10
    >         Date            : 2019-06-02
    > 
    > Abstract:
    >    When a Path Computation Element (PCE) is a Label Switching Router
    >    (LSR) participating in the Interior Gateway Protocol (IGP), or even a
    >    server participating in IGP, its presence and path computation
    >    capabilities can be advertised using IGP flooding.  The IGP
    >    extensions for PCE discovery (RFC 5088 and RFC 5089) define a method
    >    to advertise path computation capabilities using IGP flooding for
    >    OSPF and IS-IS respectively.  However these specifications lack a
    >    method to advertise PCEP security (e.g., Transport Layer
    >    Security(TLS), TCP Authentication Option (TCP-AO)) support
    >    capability.
    > 
    >    This document proposes new capability flag bits for PCE-CAP-FLAGS
    >    sub-TLV that can be announced as attribute in the IGP advertisement
    >    to distribute PCEP security support information.  In addition, this
    >    document updates RFC 5088 and RFC 5089 to allow advertisement of Key
    >    ID or Key Chain Name Sub-TLV to support TCP AO security capability.
    > 
    > 
    > The IETF datatracker status page for this draft is:
    > https://datatracker.ietf.org/doc/draft-ietf-lsr-pce-discovery-security-support/
    > 
    > There are also htmlized versions available at:
    > https://tools.ietf.org/html/draft-ietf-lsr-pce-discovery-security-support-01
    > https://datatracker.ietf.org/doc/html/draft-ietf-lsr-pce-discovery-security-support-01
    > 
    > A diff from the previous version is available at:
    > https://www.ietf.org/rfcdiff?url2=draft-ietf-lsr-pce-discovery-security-support-01
    > 
    > 
    > Please note that it may take a couple of minutes from the time of submission
    > until the htmlized version and diff are available at tools.ietf.org.
    > 
    > Internet-Drafts are also available by anonymous FTP at:
    > ftp://ftp.ietf.org/internet-drafts/
    > 
    > _______________________________________________
    > Lsr mailing list
    > Lsr@ietf.org
    > https://www.ietf.org/mailman/listinfo/lsr