Re: [Lsr] New Version Notification for draft-wu-lsr-pce-discovery-security-support-00.txt
"Acee Lindem (acee)" <acee@cisco.com> Fri, 24 August 2018 14:23 UTC
Return-Path: <acee@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84122128B14 for <lsr@ietfa.amsl.com>; Fri, 24 Aug 2018 07:23:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s5aK9BiJx4ka for <lsr@ietfa.amsl.com>; Fri, 24 Aug 2018 07:23:13 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A3C612008A for <lsr@ietf.org>; Fri, 24 Aug 2018 07:23:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4750; q=dns/txt; s=iport; t=1535120593; x=1536330193; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=gnIXGfpyAPMUiHFK3iFRfOO9Zb8CPzk7yLx6EAwSHiU=; b=TTnnsX8eVG5+qL+6nt3fo8rd76DWTHLKoxwLKTYIjOjLMUf57e+nvWj7 H8bn7mC/IWafZdMS3jd3+MP0WabvxCT6TsNE+6kS7iO7zjuFj7BzM9Xcq WnO3ifI2SnwAJ0xyPnxDcQtn0k2yTuAqwtqQBMhOaYL5LWN0gdz4rbxG6 I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BJAQC5E4Bb/4oNJK1aGQEBAQEBAQEBAQEBAQcBAQEBAYNPZX8oCoNliA2MIIFog2KSZYF6CyWERwIXgnchNBgBAgEBAgEBAm0cDIU4BiMRQxICAQYCDgwCIwMCAgIwFAEQAgQBEoMhAYIBD4d4m0uBLoRqhXyBC4gVF4IAgREBJwwTgkyDGwEBAgEBgUeDFzGCJgKNF44MCQKGMYk8F4E+SINoiFWLGYgEAhEUgSQdOIFScBUaSwGCPgmCHBcRiEiFPm8BC45AgRwBAQ
X-IronPort-AV: E=Sophos;i="5.53,281,1531785600"; d="scan'208";a="442729106"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Aug 2018 14:23:12 +0000
Received: from XCH-RTP-012.cisco.com (xch-rtp-012.cisco.com [64.101.220.152]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id w7OENClO026154 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 24 Aug 2018 14:23:12 GMT
Received: from xch-rtp-015.cisco.com (64.101.220.155) by XCH-RTP-012.cisco.com (64.101.220.152) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 24 Aug 2018 10:23:11 -0400
Received: from xch-rtp-015.cisco.com ([64.101.220.155]) by XCH-RTP-015.cisco.com ([64.101.220.155]) with mapi id 15.00.1320.000; Fri, 24 Aug 2018 10:23:11 -0400
From: "Acee Lindem (acee)" <acee@cisco.com>
To: Qin Wu <bill.wu@huawei.com>, "lsr@ietf.org" <lsr@ietf.org>
Thread-Topic: New Version Notification for draft-wu-lsr-pce-discovery-security-support-00.txt
Thread-Index: AQHUO1Yg+5jLq2ECyU+LSXY1AXR5QKTONaOQgAC/qYA=
Date: Fri, 24 Aug 2018 14:23:11 +0000
Message-ID: <5111BA63-43CD-4341-BA11-E439A4C3E54F@cisco.com>
References: <B8F9A780D330094D99AF023C5877DABA9AFD7A4C@nkgeml513-mbx.china.huawei.com>
In-Reply-To: <B8F9A780D330094D99AF023C5877DABA9AFD7A4C@nkgeml513-mbx.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.152.204]
Content-Type: text/plain; charset="utf-8"
Content-ID: <B4870BB7EB1006498135040C93B26A36@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 64.101.220.152, xch-rtp-012.cisco.com
X-Outbound-Node: alln-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/Wtq88ToCpgBjd16Wx6uUMVWIcU4>
Subject: Re: [Lsr] New Version Notification for draft-wu-lsr-pce-discovery-security-support-00.txt
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Aug 2018 14:23:15 -0000
Hi Qin, On 8/23/18, 11:03 PM, "Qin Wu" <bill.wu@huawei.com> wrote: Hi, Folks: draft-wu-pce-discovery-pceps-support-07 has been resubmitted to LSR as draft-wu-lsr-pce-discovery-security-support-00 based on Chairs' suggestion. https://tools.ietf.org/html/draft-wu-lsr-pce-discovery-security-support-00 This draft define IGP extension for PCEP security support, 1.TCP AO which has been published as RFC5295. 2.PCEP over TLS which has been published as RFC8253 recently. One issue raised by chair is shared key support for TCP-AO, how do you get shared key? I guess my point was is that if you are distributing shared keys, you probably know whether or not TCP-AO is supported. Having said that, possibly the draft should include some sort of key-id for TCP-AO or TLS usage. For example, the key-chain name from RFC 8177. We don't need to decide now. Thanks, Acee we believe to support TCP-AO, RFC5296 should also be implemented, which provide PSK and associated ciphersuit. Let us know if you have any other opinion? -Qin -----邮件原件----- 发件人: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] 发送时间: 2018年8月24日 10:57 收件人: Daniel King; wangzitao; Dhruv Dhody; wangzitao; Diego R. Lopez; Diego Lopez; Qin Wu 主题: New Version Notification for draft-wu-lsr-pce-discovery-security-support-00.txt A new version of I-D, draft-wu-lsr-pce-discovery-security-support-00.txt has been successfully submitted by Qin Wu and posted to the IETF repository. Name: draft-wu-lsr-pce-discovery-security-support Revision: 00 Title: IGP extension for PCEP security capability support in the PCE discovery Document date: 2018-08-23 Group: Individual Submission Pages: 6 URL: https://www.ietf.org/internet-drafts/draft-wu-lsr-pce-discovery-security-support-00.txt Status: https://datatracker.ietf.org/doc/draft-wu-lsr-pce-discovery-security-support/ Htmlized: https://tools.ietf.org/html/draft-wu-lsr-pce-discovery-security-support-00 Htmlized: https://datatracker.ietf.org/doc/html/draft-wu-lsr-pce-discovery-security-support Abstract: When a Path Computation Element (PCE) is a Label Switching Router (LSR) participating in the Interior Gateway Protocol (IGP), or even a server participating in IGP, its presence and path computation capabilities can be advertised using IGP flooding. The IGP extensions for PCE discovery (RFC 5088 and RFC 5089) define a method to advertise path computation capabilities using IGP flooding for OSPF and IS-IS respectively. However these specifications lack a method to advertise PCEP security (e.g., Transport Layer Security(TLS),TCP Authentication Option (TCP-AO)) support capability. This document proposes new capability flag bits for PCE-CAP-FLAGS sub-TLV that can be announced as attribute in the IGP advertisement to distribute PCEP security support information. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- Re: [Lsr] New Version Notification for draft-wu-l… Qin Wu
- Re: [Lsr] New Version Notification for draft-wu-l… Acee Lindem (acee)
- Re: [Lsr] New Version Notification for draft-wu-l… Qin Wu
- Re: [Lsr] New Version Notification for draft-wu-l… Acee Lindem (acee)
- Re: [Lsr] New Version Notification for draft-wu-l… Qin Wu
- Re: [Lsr] New Version Notification for draft-wu-l… Jeff Tantsura