Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Sun, 23 June 2019 00:58 UTC

Return-Path: <ginsberg@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C46F812009E; Sat, 22 Jun 2019 17:58:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=BhWjh11R; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=xyRPStpG
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWBd0zOs0jjd; Sat, 22 Jun 2019 17:57:58 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1A35120019; Sat, 22 Jun 2019 17:57:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8502; q=dns/txt; s=iport; t=1561251478; x=1562461078; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=olnWzDlpP/KSRsiGeUxyhJo5fm77nSR4AWaoto/U78c=; b=BhWjh11RdbQU4FpaEaVW8HX7cgA3hZGCPBtgYprs1/iq5++qu8RkL9mc XB5KTehXUgepsUILJZEOt49JHPMXOM6PerCE8QDi8HNb4+Bh9jE2WPNGe kBa4Zi2KskE+KC1fDPOXtvlkmNnW9L5ebFszmbqruDhZzgT6BHIMngtFf 4=;
IronPort-PHdr: =?us-ascii?q?9a23=3AuDhscRW/2SEB26Mwuc/ihVvOprvV8LGuZFwc94?= =?us-ascii?q?YnhrRSc6+q45XlOgnF6O5wiEPSA9yJ8OpK3uzRta2oGXcN55qMqjgjSNRNTF?= =?us-ascii?q?dE7KdehAk8GIiAAEz/IuTtank1HcJZXlJ/8FmwMFNeH4D1YFiB6nA=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AJAAB/zQ5d/5RdJa1jGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBVAMBAQEBAQsBgUNQA2pVIAQLKIQWg0cDjmCCW5c4gS4?= =?us-ascii?q?UgRADVAkBAQEMAQEYDQgCAQGEQAIXgkcjNQgOAQMBAQQBAQIBBW2KNwyFSgE?= =?us-ascii?q?BAQEDAQEQEREMAQEsCwELBAIBCBEEAQEBAgImAgICJQsVCAgCBAENBQgagwG?= =?us-ascii?q?BagMdAQIMmQICgTiIX3GBMYJ5AQEFgUZBgnIYghEJgQwoAYtdF4FAP4EQAUa?= =?us-ascii?q?CTD6CYQEBAgEBFoEUARIBCRgkgmQygiaOToUciDKNcQkCghSGTY0wgihrhiK?= =?us-ascii?q?OEo0mgS+GAI9UAgQCBAUCDgEBBYFRATZncXAVGiGCbAmCOAwXg02FFIU/cgy?= =?us-ascii?q?BHYw3gkMBAQ?=
X-IronPort-AV: E=Sophos;i="5.63,406,1557187200"; d="scan'208";a="287511831"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 23 Jun 2019 00:57:56 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id x5N0vuvj029113 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Sun, 23 Jun 2019 00:57:56 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sat, 22 Jun 2019 19:57:55 -0500
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sat, 22 Jun 2019 19:57:55 -0500
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Sat, 22 Jun 2019 19:57:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=olnWzDlpP/KSRsiGeUxyhJo5fm77nSR4AWaoto/U78c=; b=xyRPStpG1pTzFF63XTLEz0JZEiYrfs1dt3ijqjcd7YX1S5Fi8s/SIl/2DLCnbnKVc9xnOLyDba+/4oX7p2xGBxO/9wSvCoiXJdzJ4Fa2uko03rCO14/c5tkob+gLpaSTsgyzNH2/xbbonRZzpSDxeaoMXst81dp9LNg1TcsHhSs=
Received: from BYAPR11MB3638.namprd11.prod.outlook.com (20.178.237.19) by BYAPR11MB2695.namprd11.prod.outlook.com (52.135.227.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2008.15; Sun, 23 Jun 2019 00:57:54 +0000
Received: from BYAPR11MB3638.namprd11.prod.outlook.com ([fe80::61e1:8074:976e:82b8]) by BYAPR11MB3638.namprd11.prod.outlook.com ([fe80::61e1:8074:976e:82b8%4]) with mapi id 15.20.2008.014; Sun, 23 Jun 2019 00:57:53 +0000
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: "Acee Lindem (acee)" <acee@cisco.com>, "draft-ietf-lsr-pce-discovery-security-support@ietf.org" <draft-ietf-lsr-pce-discovery-security-support@ietf.org>
CC: "lsr@ietf.org" <lsr@ietf.org>
Thread-Topic: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt
Thread-Index: AQHVGb7XYvB2HV8clE60nbKuVn4cRaaJb0zggB7RggCAAEgfUA==
Date: Sun, 23 Jun 2019 00:57:52 +0000
Message-ID: <BYAPR11MB3638373AA6FC68382FCBE77CC1E10@BYAPR11MB3638.namprd11.prod.outlook.com>
References: <155953350234.21547.271455258761348084@ietfa.amsl.com> <BYAPR11MB3638D2C9D9D5E8AC8174ADCFC1140@BYAPR11MB3638.namprd11.prod.outlook.com> <B29B0EFC-89D3-48B0-A138-F5DB5C5733A4@cisco.com>
In-Reply-To: <B29B0EFC-89D3-48B0-A138-F5DB5C5733A4@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ginsberg@cisco.com;
x-originating-ip: [2001:420:c0c8:1007::6bf]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 98b98e14-e69c-4e99-390a-08d6f775d278
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BYAPR11MB2695;
x-ms-traffictypediagnostic: BYAPR11MB2695:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <BYAPR11MB2695D178A42DE9D4D4F01A46C1E10@BYAPR11MB2695.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 00770C4423
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(136003)(346002)(376002)(396003)(39860400002)(199004)(54094003)(15374003)(13464003)(189003)(446003)(11346002)(7696005)(86362001)(52536014)(6506007)(25786009)(2501003)(14444005)(55016002)(68736007)(6436002)(102836004)(46003)(76176011)(966005)(476003)(186003)(486006)(256004)(99286004)(478600001)(316002)(305945005)(71190400001)(110136005)(71200400001)(74316002)(8676002)(15650500001)(8936002)(4326008)(66556008)(53546011)(9686003)(6116002)(33656002)(7736002)(6246003)(73956011)(229853002)(450100002)(2906002)(5660300002)(66946007)(66574012)(53936002)(76116006)(81166006)(81156014)(66446008)(6306002)(14454004)(64756008)(66476007); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB2695; H:BYAPR11MB3638.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: /Jaa7E6ELCpF1a+U3X9j9f70tfDiEsh4jbvC+HJLwpwLbcihUIsvfgSM3w1fdBq6mpEDXidYFNXJu7p+f230WAWvwb0aQTcHaYDux+DpX5dGl5t8m7cNEzhb73KwFEfkWFar0CWCZHUoxVtNVXJRl/A1xDZ+Fpn8Uhcs4PoLegfviGvLgLLYW6VAGo+TGK1KcXTWP8SP9fXJirmgvHqmoEysGs3gb5xXCjKK8h1ZJTTRr2d1YxOxg3bY2kjvsQ1tisT/jLOIOFdYgNw/wxQ+bxAOt5vgF4FclwTqzX9V8gvSOnoTBnFrPv/2bWVv/nGlQlktXoeqnGtpTH/L+r2rrwKonSLlJdvlrqCwxaDEGXr860sTBbn2Y1SlncUgAkZInBlnhFk8gbHsX9MvTpgHVuewzN4X/N85sYAfVQBlBVY=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 98b98e14-e69c-4e99-390a-08d6f775d278
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jun 2019 00:57:53.2523 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ginsberg@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2695
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: rcdn-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/ltM67xgIvggwbH0YgEO6PLum6IE>
Subject: Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Jun 2019 00:58:01 -0000

Acee -

Thanx for reviving this thread.

In fairness, Qin did respond - and we exchanged a couple of emails on this thread - though I would not say that we had reached closure.

He also sent an email to PCE WG asking for an update on their position - but to date I have seen no response to that.

So for me - this topic is still open for further discussion - both by the authors and the LSR/PCE WGs.

  Les

> -----Original Message-----
> From: Acee Lindem (acee)
> Sent: Saturday, June 22, 2019 1:36 PM
> To: draft-ietf-lsr-pce-discovery-security-support@ietf.org
> Cc: lsr@ietf.org; Les Ginsberg (ginsberg) <ginsberg@cisco.com>;
> Subject: Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-
> 01.txt
> 
> Authors - can you respond to Les' comments?
> Thanks,
> Acee
> 
> On 6/3/19, 2:22 AM, "Lsr on behalf of Les Ginsberg (ginsberg)" <lsr-
> bounces@ietf.org on behalf of ginsberg@cisco.com>; wrote:
> 
>     A few - somewhat tardy - concerns about this draft.
> 
>     1)During adoption call it was mentioned that PCE WG had not taken a
> position on this draft. Since I don't follow PCE WG (apologies) I need to ask -
> has that status changed??
> 
>     2)As discussed during the adoption call, the draft removes the restriction
> specified in RFC 5088/5089 of not allowing further PCE related
> advertisements in Router Capability TLV/Router Information LSA.
>     Acee had mentioned that he thought this was no longer a concern because
> in RFC 7770 multiple OSPF Router Information LSA support was introduced.
> But this is really not relevant to the reason that the restriction was originally
> introduced.
> 
>     The restriction was introduced because of general concern that using IGPs
> to advertise information not directly relevant to the operation of the IGP as a
> routing protocol is sub-optimal and negatively impacts the performance of
> the primary IGP functions.
> 
>     I am aware that this is a line that has been crossed (in modest ways) more
> than once - and I am not categorically opposing the extensions proposed -
> but I do wonder if this is the most appropriate way to advertise the new
> attributes - particularly since this does not solve the general case - it only
> applies when the PCE is also an LSR. I think a broader discussion of this issue
> is warranted.
> 
>     3)If the draft goes forward in its current form, it updates RFC 5088/5089 in a
> significant way (the removal of restriction against additional PCE related IGP
> advertisements) - in which case I wonder if it would be better to write an RFC
> 5088/89 bis document rather than an extension document.
> 
>     And, BTW, do you know why the HTML version of the document has no
> table of contents?
> 
>        Les
> 
> 
>     > -----Original Message-----
>     > From: Lsr <lsr-bounces@ietf.org>; On Behalf Of internet-drafts@ietf.org
>     > Sent: Sunday, June 02, 2019 8:45 PM
>     > To: i-d-announce@ietf.org
>     > Cc: lsr@ietf.org
>     > Subject: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-
> 01.txt
>     >
>     >
>     > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>     > This draft is a work item of the Link State Routing WG of the IETF.
>     >
>     >         Title           : IGP extension for PCEP security capability support in the
> PCE
>     > discovery
>     >         Authors         : Diego R. Lopez
>     >                           Qin Wu
>     >                           Dhruv Dhody
>     >                           Michael Wang
>     >                           Daniel King
>     > 	Filename        : draft-ietf-lsr-pce-discovery-security-support-01.txt
>     > 	Pages           : 10
>     > 	Date            : 2019-06-02
>     >
>     > Abstract:
>     >    When a Path Computation Element (PCE) is a Label Switching Router
>     >    (LSR) participating in the Interior Gateway Protocol (IGP), or even a
>     >    server participating in IGP, its presence and path computation
>     >    capabilities can be advertised using IGP flooding.  The IGP
>     >    extensions for PCE discovery (RFC 5088 and RFC 5089) define a method
>     >    to advertise path computation capabilities using IGP flooding for
>     >    OSPF and IS-IS respectively.  However these specifications lack a
>     >    method to advertise PCEP security (e.g., Transport Layer
>     >    Security(TLS), TCP Authentication Option (TCP-AO)) support
>     >    capability.
>     >
>     >    This document proposes new capability flag bits for PCE-CAP-FLAGS
>     >    sub-TLV that can be announced as attribute in the IGP advertisement
>     >    to distribute PCEP security support information.  In addition, this
>     >    document updates RFC 5088 and RFC 5089 to allow advertisement of
> Key
>     >    ID or Key Chain Name Sub-TLV to support TCP AO security capability.
>     >
>     >
>     > The IETF datatracker status page for this draft is:
>     > https://datatracker.ietf.org/doc/draft-ietf-lsr-pce-discovery-security-
>     > support/
>     >
>     > There are also htmlized versions available at:
>     > https://tools.ietf.org/html/draft-ietf-lsr-pce-discovery-security-support-
> 01
>     > https://datatracker.ietf.org/doc/html/draft-ietf-lsr-pce-discovery-
> security-
>     > support-01
>     >
>     > A diff from the previous version is available at:
>     > https://www.ietf.org/rfcdiff?url2=draft-ietf-lsr-pce-discovery-security-
>     > support-01
>     >
>     >
>     > Please note that it may take a couple of minutes from the time of
> submission
>     > until the htmlized version and diff are available at tools.ietf.org.
>     >
>     > Internet-Drafts are also available by anonymous FTP at:
>     > ftp://ftp.ietf.org/internet-drafts/
>     >
>     > _______________________________________________
>     > Lsr mailing list
>     > Lsr@ietf.org
>     > https://www.ietf.org/mailman/listinfo/lsr
> 
>     _______________________________________________
>     Lsr mailing list
>     Lsr@ietf.org
>     https://www.ietf.org/mailman/listinfo/lsr
>