Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt
"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Sun, 23 June 2019 00:58 UTC
Return-Path: <ginsberg@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C46F812009E; Sat, 22 Jun 2019 17:58:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=BhWjh11R; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=xyRPStpG
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XWBd0zOs0jjd; Sat, 22 Jun 2019 17:57:58 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1A35120019; Sat, 22 Jun 2019 17:57:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8502; q=dns/txt; s=iport; t=1561251478; x=1562461078; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=olnWzDlpP/KSRsiGeUxyhJo5fm77nSR4AWaoto/U78c=; b=BhWjh11RdbQU4FpaEaVW8HX7cgA3hZGCPBtgYprs1/iq5++qu8RkL9mc XB5KTehXUgepsUILJZEOt49JHPMXOM6PerCE8QDi8HNb4+Bh9jE2WPNGe kBa4Zi2KskE+KC1fDPOXtvlkmNnW9L5ebFszmbqruDhZzgT6BHIMngtFf 4=;
IronPort-PHdr: 9a23:uDhscRW/2SEB26Mwuc/ihVvOprvV8LGuZFwc94YnhrRSc6+q45XlOgnF6O5wiEPSA9yJ8OpK3uzRta2oGXcN55qMqjgjSNRNTFdE7KdehAk8GIiAAEz/IuTtank1HcJZXlJ/8FmwMFNeH4D1YFiB6nA=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AJAAB/zQ5d/5RdJa1jGQEBAQEBAQEBAQEBAQcBAQEBAQGBVAMBAQEBAQsBgUNQA2pVIAQLKIQWg0cDjmCCW5c4gS4UgRADVAkBAQEMAQEYDQgCAQGEQAIXgkcjNQgOAQMBAQQBAQIBBW2KNwyFSgEBAQEDAQEQEREMAQEsCwELBAIBCBEEAQEBAgImAgICJQsVCAgCBAENBQgagwGBagMdAQIMmQICgTiIX3GBMYJ5AQEFgUZBgnIYghEJgQwoAYtdF4FAP4EQAUaCTD6CYQEBAgEBFoEUARIBCRgkgmQygiaOToUciDKNcQkCghSGTY0wgihrhiKOEo0mgS+GAI9UAgQCBAUCDgEBBYFRATZncXAVGiGCbAmCOAwXg02FFIU/cgyBHYw3gkMBAQ
X-IronPort-AV: E=Sophos;i="5.63,406,1557187200"; d="scan'208";a="287511831"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 23 Jun 2019 00:57:56 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id x5N0vuvj029113 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Sun, 23 Jun 2019 00:57:56 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sat, 22 Jun 2019 19:57:55 -0500
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sat, 22 Jun 2019 19:57:55 -0500
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Sat, 22 Jun 2019 19:57:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=olnWzDlpP/KSRsiGeUxyhJo5fm77nSR4AWaoto/U78c=; b=xyRPStpG1pTzFF63XTLEz0JZEiYrfs1dt3ijqjcd7YX1S5Fi8s/SIl/2DLCnbnKVc9xnOLyDba+/4oX7p2xGBxO/9wSvCoiXJdzJ4Fa2uko03rCO14/c5tkob+gLpaSTsgyzNH2/xbbonRZzpSDxeaoMXst81dp9LNg1TcsHhSs=
Received: from BYAPR11MB3638.namprd11.prod.outlook.com (20.178.237.19) by BYAPR11MB2695.namprd11.prod.outlook.com (52.135.227.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2008.15; Sun, 23 Jun 2019 00:57:54 +0000
Received: from BYAPR11MB3638.namprd11.prod.outlook.com ([fe80::61e1:8074:976e:82b8]) by BYAPR11MB3638.namprd11.prod.outlook.com ([fe80::61e1:8074:976e:82b8%4]) with mapi id 15.20.2008.014; Sun, 23 Jun 2019 00:57:53 +0000
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: "Acee Lindem (acee)" <acee@cisco.com>, "draft-ietf-lsr-pce-discovery-security-support@ietf.org" <draft-ietf-lsr-pce-discovery-security-support@ietf.org>
CC: "lsr@ietf.org" <lsr@ietf.org>
Thread-Topic: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt
Thread-Index: AQHVGb7XYvB2HV8clE60nbKuVn4cRaaJb0zggB7RggCAAEgfUA==
Date: Sun, 23 Jun 2019 00:57:52 +0000
Message-ID: <BYAPR11MB3638373AA6FC68382FCBE77CC1E10@BYAPR11MB3638.namprd11.prod.outlook.com>
References: <155953350234.21547.271455258761348084@ietfa.amsl.com> <BYAPR11MB3638D2C9D9D5E8AC8174ADCFC1140@BYAPR11MB3638.namprd11.prod.outlook.com> <B29B0EFC-89D3-48B0-A138-F5DB5C5733A4@cisco.com>
In-Reply-To: <B29B0EFC-89D3-48B0-A138-F5DB5C5733A4@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ginsberg@cisco.com;
x-originating-ip: [2001:420:c0c8:1007::6bf]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 98b98e14-e69c-4e99-390a-08d6f775d278
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BYAPR11MB2695;
x-ms-traffictypediagnostic: BYAPR11MB2695:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <BYAPR11MB2695D178A42DE9D4D4F01A46C1E10@BYAPR11MB2695.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 00770C4423
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(136003)(346002)(376002)(396003)(39860400002)(199004)(54094003)(15374003)(13464003)(189003)(446003)(11346002)(7696005)(86362001)(52536014)(6506007)(25786009)(2501003)(14444005)(55016002)(68736007)(6436002)(102836004)(46003)(76176011)(966005)(476003)(186003)(486006)(256004)(99286004)(478600001)(316002)(305945005)(71190400001)(110136005)(71200400001)(74316002)(8676002)(15650500001)(8936002)(4326008)(66556008)(53546011)(9686003)(6116002)(33656002)(7736002)(6246003)(73956011)(229853002)(450100002)(2906002)(5660300002)(66946007)(66574012)(53936002)(76116006)(81166006)(81156014)(66446008)(6306002)(14454004)(64756008)(66476007); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR11MB2695; H:BYAPR11MB3638.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: /Jaa7E6ELCpF1a+U3X9j9f70tfDiEsh4jbvC+HJLwpwLbcihUIsvfgSM3w1fdBq6mpEDXidYFNXJu7p+f230WAWvwb0aQTcHaYDux+DpX5dGl5t8m7cNEzhb73KwFEfkWFar0CWCZHUoxVtNVXJRl/A1xDZ+Fpn8Uhcs4PoLegfviGvLgLLYW6VAGo+TGK1KcXTWP8SP9fXJirmgvHqmoEysGs3gb5xXCjKK8h1ZJTTRr2d1YxOxg3bY2kjvsQ1tisT/jLOIOFdYgNw/wxQ+bxAOt5vgF4FclwTqzX9V8gvSOnoTBnFrPv/2bWVv/nGlQlktXoeqnGtpTH/L+r2rrwKonSLlJdvlrqCwxaDEGXr860sTBbn2Y1SlncUgAkZInBlnhFk8gbHsX9MvTpgHVuewzN4X/N85sYAfVQBlBVY=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 98b98e14-e69c-4e99-390a-08d6f775d278
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jun 2019 00:57:53.2523 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ginsberg@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2695
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: rcdn-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/ltM67xgIvggwbH0YgEO6PLum6IE>
Subject: Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-01.txt
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Jun 2019 00:58:01 -0000
Acee - Thanx for reviving this thread. In fairness, Qin did respond - and we exchanged a couple of emails on this thread - though I would not say that we had reached closure. He also sent an email to PCE WG asking for an update on their position - but to date I have seen no response to that. So for me - this topic is still open for further discussion - both by the authors and the LSR/PCE WGs. Les > -----Original Message----- > From: Acee Lindem (acee) > Sent: Saturday, June 22, 2019 1:36 PM > To: draft-ietf-lsr-pce-discovery-security-support@ietf.org > Cc: lsr@ietf.org; Les Ginsberg (ginsberg) <ginsberg@cisco.com> > Subject: Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support- > 01.txt > > Authors - can you respond to Les' comments? > Thanks, > Acee > > On 6/3/19, 2:22 AM, "Lsr on behalf of Les Ginsberg (ginsberg)" <lsr- > bounces@ietf.org on behalf of ginsberg@cisco.com> wrote: > > A few - somewhat tardy - concerns about this draft. > > 1)During adoption call it was mentioned that PCE WG had not taken a > position on this draft. Since I don't follow PCE WG (apologies) I need to ask - > has that status changed?? > > 2)As discussed during the adoption call, the draft removes the restriction > specified in RFC 5088/5089 of not allowing further PCE related > advertisements in Router Capability TLV/Router Information LSA. > Acee had mentioned that he thought this was no longer a concern because > in RFC 7770 multiple OSPF Router Information LSA support was introduced. > But this is really not relevant to the reason that the restriction was originally > introduced. > > The restriction was introduced because of general concern that using IGPs > to advertise information not directly relevant to the operation of the IGP as a > routing protocol is sub-optimal and negatively impacts the performance of > the primary IGP functions. > > I am aware that this is a line that has been crossed (in modest ways) more > than once - and I am not categorically opposing the extensions proposed - > but I do wonder if this is the most appropriate way to advertise the new > attributes - particularly since this does not solve the general case - it only > applies when the PCE is also an LSR. I think a broader discussion of this issue > is warranted. > > 3)If the draft goes forward in its current form, it updates RFC 5088/5089 in a > significant way (the removal of restriction against additional PCE related IGP > advertisements) - in which case I wonder if it would be better to write an RFC > 5088/89 bis document rather than an extension document. > > And, BTW, do you know why the HTML version of the document has no > table of contents? > > Les > > > > -----Original Message----- > > From: Lsr <lsr-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org > > Sent: Sunday, June 02, 2019 8:45 PM > > To: i-d-announce@ietf.org > > Cc: lsr@ietf.org > > Subject: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support- > 01.txt > > > > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > This draft is a work item of the Link State Routing WG of the IETF. > > > > Title : IGP extension for PCEP security capability support in the > PCE > > discovery > > Authors : Diego R. Lopez > > Qin Wu > > Dhruv Dhody > > Michael Wang > > Daniel King > > Filename : draft-ietf-lsr-pce-discovery-security-support-01.txt > > Pages : 10 > > Date : 2019-06-02 > > > > Abstract: > > When a Path Computation Element (PCE) is a Label Switching Router > > (LSR) participating in the Interior Gateway Protocol (IGP), or even a > > server participating in IGP, its presence and path computation > > capabilities can be advertised using IGP flooding. The IGP > > extensions for PCE discovery (RFC 5088 and RFC 5089) define a method > > to advertise path computation capabilities using IGP flooding for > > OSPF and IS-IS respectively. However these specifications lack a > > method to advertise PCEP security (e.g., Transport Layer > > Security(TLS), TCP Authentication Option (TCP-AO)) support > > capability. > > > > This document proposes new capability flag bits for PCE-CAP-FLAGS > > sub-TLV that can be announced as attribute in the IGP advertisement > > to distribute PCEP security support information. In addition, this > > document updates RFC 5088 and RFC 5089 to allow advertisement of > Key > > ID or Key Chain Name Sub-TLV to support TCP AO security capability. > > > > > > The IETF datatracker status page for this draft is: > > https://datatracker.ietf.org/doc/draft-ietf-lsr-pce-discovery-security- > > support/ > > > > There are also htmlized versions available at: > > https://tools.ietf.org/html/draft-ietf-lsr-pce-discovery-security-support- > 01 > > https://datatracker.ietf.org/doc/html/draft-ietf-lsr-pce-discovery- > security- > > support-01 > > > > A diff from the previous version is available at: > > https://www.ietf.org/rfcdiff?url2=draft-ietf-lsr-pce-discovery-security- > > support-01 > > > > > > Please note that it may take a couple of minutes from the time of > submission > > until the htmlized version and diff are available at tools.ietf.org. > > > > Internet-Drafts are also available by anonymous FTP at: > > ftp://ftp.ietf.org/internet-drafts/ > > > > _______________________________________________ > > Lsr mailing list > > Lsr@ietf.org > > https://www.ietf.org/mailman/listinfo/lsr > > _______________________________________________ > Lsr mailing list > Lsr@ietf.org > https://www.ietf.org/mailman/listinfo/lsr >
- [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-se… internet-drafts
- Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discover… Les Ginsberg (ginsberg)
- Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discover… Qin Wu
- Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discover… Les Ginsberg (ginsberg)
- Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discover… Qin Wu
- Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discover… Acee Lindem (acee)
- Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discover… Les Ginsberg (ginsberg)
- Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discover… Qin Wu
- [Lsr] 答复: I-D Action: draft-ietf-lsr-pce-discover… Aijun Wang