Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery-security-support-11: (with DISCUSS and COMMENT)
"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Tue, 04 October 2022 19:43 UTC
Return-Path: <ginsberg@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19779C1522AD; Tue, 4 Oct 2022 12:43:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.603
X-Spam-Level:
X-Spam-Status: No, score=-9.603 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=kXtWbzH2; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=S26lXRpU
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5xl0m4jGTMth; Tue, 4 Oct 2022 12:43:20 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CE49C14CE3C; Tue, 4 Oct 2022 12:43:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=24378; q=dns/txt; s=iport; t=1664912600; x=1666122200; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=IBmilTF7pNdaq5g0YAMmOrmatfdfYST1xIjfQcAQ4wM=; b=kXtWbzH2vtA6gLbpoGpPSaOFXFBidwXAwZ5zzhmk101z8h5YZvJdp0ow ATIfKiYonujbVbhhYpJr9D+Wu+cWNPTOU7UWSKT9enuGLhUbkMCzhaAFx FSw1olKegTWItYjSk+eyqqFe8RkAt9je1P7xpdChYeiA+RBTlj5I72QYN 0=;
IronPort-PHdr: A9a23:k5EAEhV1+mi0mrM/UCysCSg72abV8K36AWYlg6HPw5pCcaWmqpLlOkGXpfBgl0TAUoiT7fVYw/HXvKbtVS1lg96BvXkOfYYKW0oDjsMbzAAlCdSOXEv8KvOiZicmHcNEAVli+XzzMUVcFMvkIVPIpXjn5j8JERK5Pg1wdYzI
IronPort-Data: A9a23:1Ceg06jAZLA2CEmya5cOqtm8X161AhEKZh0ujC45NGQN5FlHY01jehtvXmyAPf+NMTHyKtt+Oo/l9U1Tvp7Sz4RnTQFkqChjRSJjpJueD7x1DKtf0wB+jyH7ockOA/w2MrEsF+hpCC6FzvuRGuK59yMkiPjWHuOU5NPsY0ideyc1EE/Ntjo78wIJqtYAbemRW2thi/uryyHsEAfNNwpPD44hw/nrRCWDExjFkGhwUlQWPZintbJF/pUfJMp3yaqZdxMUTmTId9NWSdovzJnhlo/Y1w0mBtXgmbHhfwhXBLXTJgOJzHFRXsBOgDAb+Xd0ifl9ZaFaMBoJ49mKt4gZJNFlup22Ug0kJKLkk+UGWB4eGCZ7VUFD0O6Xfibv7pzJkiUqdFOpmZ2CFnoeNIEC++9xKWZK+fAfJ3YGaVaehIqexb+hQ+0qncQiNsD5PZsYp2tI1TbdHPM6RdbISs3i5dZe2jorrs9UEPraatBfYCYHRAzLbjVON0sZTpUkk4+AgmLlWzxVtFzTorA4i0DX1xY027jkMcDOUt2HWcsTmVyXzkrK5W33HlQbOcCRjD6e6De0jeKKkSLgU4UMGaeps+Vni0CJx3ACTQYLTUO8u+WRi0OiVZRYMUN80isjtqca9UG3QJ/6RRLQiHqNpAU0VtVfHvcmrgaXxcL84QmCLmoZSD9ZZcZgssIqLQHGfHfhc8jBHzdjtvieTmiQs+rSpjKpMi9TJmgHDRLohDAtu7HLyLzfRDqWJjq7LJOIsw==
IronPort-HdrOrdr: A9a23:TBVPKaNn1LNOIsBcT3X155DYdb4zR+YMi2TDiHoedfUFSKOlfp6V8MjzjSWE9Ar4WBkb6LS90dq7MAzhHPlOkMUs1NaZLUTbUQ6TTb2KgrGSuwEIdxeOlNK1kJ0QDpSWa+eAQmSS7/yKmzVQeuxIqLLsncDY5ts2jU0dNz2CAJsQiDuRfzzra3GeMzM2Y6bReqDsg/Zvln6FQzA6f867Dn4KU6zovNvQjq/rZhYAGloO9BSOpSnA0s+1LzGomjMlFx9fy7Yr9mbI1ybj4L+4jv29whjAk0fO8pVtnsf7wNcrPr3MtiFVEESttu+bXvUiZ1SwhkFxnAhp0idvrDD4mWZiAy200QKXQoj6m2qq5+Cq6kdR15ar8y7ovZKkm72heNr/YPAx3r6wtXDimhIdVZhHodJ29nPcuJxNARzamiPho9DOShFxj0Kx5WEviOgJkhVkIMMjgZJq3PoiFXluYd49NTO/7JpiHPhlDcna6voTeVSGb2rBtm0qxNC3RHw8EhqPX0BH46WuonJrtWE8y1FdyN0Un38G+p54Q55Y5/7cOqAtkL1VVMcZYa90Ge9ES8qqDW7GRw7KLQupUB/aPbBCP2iIp4/84b0z6u3vcJsUzIEqkJCES19cvX5aQTOYNSRP5uw+zvngehTJYd228LAs23FQgMyPeIbW
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ByAADea4Ji/5xdJa1QBAYdAQEBAQkBEgEFBQFAgTsIAQsBgVFSB3UCWDlDAgGES4NMA4RSX4UJXYIlA5BHinGBLBSBEQNUCwEBAQ0BATkJBAEBhQICFoUoAiU0CQ4BAgQBAQESAQEFAQEBAgEHBIEJE4VoDYZCAQEBAQMSEREMAQElBwsBCwQCAQgOAwQBAQECAh8HAgICMBUICAIEDgUIARIHglyCYwMxAQ6fZwGBPgKKH3qBMYEBgggBAQYEBIE3ARVBgn8YgjgJgRAsAYMThCmDEYFfgjMXEByBSUSBFAFDgmc+gmIBAQIBgSgBBwQGAgEICBIkgzA3gi6VSh07A1SBBRKBIXEBCAYGBwoFMgYCDBgUBAITElMeAhMMChwOVBkMDwMSAxEBBwILEggVLAgDAgMIAwIDIwsCAxgJBwoDHQgKHBIQFAIEEx8LCAMaHy0JAgQOA0MICwoDEQQDExgLFggQBAYDCS8NKAsDFA8BBgMGAgUFAQMgAxQDBScHAyEHCyYNDQQcBx0DAwUmAwICGwcCAgMCBhcGAgJxCigNCAQIBBweJRMFAgcxBQQvAh4EBQYRCQIWAgYEBQIEBBYCAhIIAggnGwcWNhkBBV0GCwkjHCwLBgUGFgMmJysFBB8BG5I+gx0IgQQJAQULLQEtAhMfNgQiCw4YBB4tCRsIBBlGDBgCAQEIBQEYDgM6khEGgw1GmAGSewqDTIsajWgJgQaGFRWDdYFPim+YJJZmgkqIDYJQlE0LhH8CBAIEBQIOAQEGgWE8aXBwFTuCaAlIGQ+OIAwWFYM7hRSFSnUCCy4CBgEKAQEDCY5SgkgBAQ
X-IronPort-AV: E=Sophos;i="5.91,230,1647302400"; d="scan'208";a="987687825"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 04 Oct 2022 19:43:17 +0000
Received: from mail.cisco.com (xfe-aln-002.cisco.com [173.37.135.122]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 294JhHCF005235 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Tue, 4 Oct 2022 19:43:18 GMT
Received: from xfe-rtp-002.cisco.com (64.101.210.232) by xfe-aln-002.cisco.com (173.37.135.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Tue, 4 Oct 2022 14:43:17 -0500
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (64.101.32.56) by xfe-rtp-002.cisco.com (64.101.210.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Tue, 4 Oct 2022 15:43:17 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dErWMvMd2tfIS0WmIy/84GEgU7wqHZlPTF0ioSiT4rlt2EvMQTl1vuxqjMhmXR95Hl+gkiLdMcpMRj8ICIiXXQ822SH41oL939alQfZhDKPAtB883xGQhdZyh0sTB3zMq+OpyvNP0YLJUEsZfyCgjT11EFsNdTFccNIFAGULAP0Znpp4x+gGOY+oxkJBAqlg5J4npoi6N8b8LlcMK3kkIeV8VbZt15bAKFc2fiCE9IlSlKf4yqbgPqx5uc+3mI1RBnEzSOzq+l5kP93y/FBVk8omInvxRsEWnqxWePFR/XV5AxAY5gV69HesYUN1cV4TeaeqLZQJcyGckOxMGzJ4sA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IBmilTF7pNdaq5g0YAMmOrmatfdfYST1xIjfQcAQ4wM=; b=D+BllhCr9f70dQ70zqBbkKitefSy3lQyAjHANf7zRdj/t4Wh10Y3zLqEO/vsfQfFdhGvMoiAvqbl6Vq8PEWyB2Lt1PNeknZ/oKOOV8zxKDGihwYWEVXKBGNxLKMDm3SP3y0YdiFFUebtEZWvKotiChgNTaSfwFjw5B8m5+bWGMJ9+4QxyQQsrdBh4GNn9sIg9llx87JNo70S3GGxLqPrcNjJu/mDPs/mdxXCw7LIyB31kIa6nSf0abteSD6geD30dV0luxeGdLKEj4jG0+8Wn/lC4nqgh7TPImPxcrXsvUj295R76zx4QDbPA+p9ZGlmCzDecBR/XIFq6lzU9OW2mw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IBmilTF7pNdaq5g0YAMmOrmatfdfYST1xIjfQcAQ4wM=; b=S26lXRpUqrfuFg8KRhW87O0ZxNgNVbIbj5++OjTJaoVBlTIrvHMQcGVo8A0RGepbDEVPS4DpjsXPrcchKNKgOL5b8wJQuBaUQemDJwlbbBIU4BKaegJSWTpv+0FDVcjilM2RbX34N1hxLv6YQ8MeJbaxqkYUZF1E+LMYBEsymRI=
Received: from BY5PR11MB4337.namprd11.prod.outlook.com (2603:10b6:a03:1c1::14) by SJ0PR11MB5679.namprd11.prod.outlook.com (2603:10b6:a03:303::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.24; Tue, 4 Oct 2022 19:43:15 +0000
Received: from BY5PR11MB4337.namprd11.prod.outlook.com ([fe80::fec3:18a0:dc1e:db46]) by BY5PR11MB4337.namprd11.prod.outlook.com ([fe80::fec3:18a0:dc1e:db46%7]) with mapi id 15.20.5676.028; Tue, 4 Oct 2022 19:43:14 +0000
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: John Scudder <jgs@juniper.net>
CC: "Acee Lindem (acee)" <acee@cisco.com>, Lars Eggert <lars@eggert.org>, The IESG <iesg@ietf.org>, "draft-ietf-lsr-pce-discovery-security-support@ietf.org" <draft-ietf-lsr-pce-discovery-security-support@ietf.org>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, lsr <lsr@ietf.org>, "pce@ietf.org" <pce@ietf.org>, Hannes Gredler <hannes@gredler.at>, "JP Vasseur (jvasseur)" <jvasseur@cisco.com>, "meral.shirazipour@polymtl.ca" <meral.shirazipour@polymtl.ca>, Adrian Farrel <adrian@olddog.co.uk>
Thread-Topic: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery-security-support-11: (with DISCUSS and COMMENT)
Thread-Index: AQHY1MgG/croTtySg0Kka1d7vjPpfq3+hBAAgAAGkwCAAAajgIAADVswgAAHaACAAAIPgA==
Date: Tue, 04 Oct 2022 19:43:14 +0000
Message-ID: <BY5PR11MB4337F631CA0E344CA0681009C15A9@BY5PR11MB4337.namprd11.prod.outlook.com>
References: <166454083729.58860.322901814330533722@ietfa.amsl.com> <FE562068-8588-4998-965F-84B931CC3224@juniper.net> <5967FEDA-7517-45CF-89E7-C3B900CEEBB0@cisco.com> <7900217A-26D1-482D-B627-ED5FA96E13A5@juniper.net> <BY5PR11MB4337B4495047B64BFA90F733C15A9@BY5PR11MB4337.namprd11.prod.outlook.com> <59FE16A0-EBCA-4FED-8332-1231802894B8@juniper.net>
In-Reply-To: <59FE16A0-EBCA-4FED-8332-1231802894B8@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BY5PR11MB4337:EE_|SJ0PR11MB5679:EE_
x-ms-office365-filtering-correlation-id: 293ec900-6e0a-4a65-993f-08daa640adb7
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: rg6tVH2iUOJi4jLOre59e6wnjd3P+zXl99khYjmzBLJzaugvri5irt9Jk8G1MA5+uRbJlgBYRyqla2C0gesf5O/Wxy3noEol2sLK/TyLOzERYQ8IVYSKJ3GMO1bWZdG6qqtwg06Y7ztA9g6dqBE1EgNSgs7todYvFmVT5vUhSwki/L/zOUE8mBpZcX4/OLHFYEY+aD1eFXar5EmAyIWR8trE9UKbtcjV2HUq7Jys6A7ey5Rp2Melrv/4nU4e+LvEmPZHeI0B+EQiVfi/zhEo7Wx+7e3fhUcSk8M5di6N9UIIY7f20PedBAX85lOLC6kaEfpMDCxiOB3taOf3pH4b15tYAVPXAF4r4uxKiwHMTfYqbAb3UtWp0R2fOpci/LeSoNqov/Uu71aafpvPn5r2tgpEDrs8QHpXVz1mcg282Na0Dzsv+LVblNV85eo71aFCuUBnB11qFv4mUnRUTiWXJty0afw5uvM3YRM7MxbTliBCN+zDUmllq6VTmPPVhnBtlN6XvK/AQ3nsimOAfyRd0+DU4JX7NmpcpPDlDa9agS3kPcytHsyGSPOoy+lBxR93CM2xjodMHMk4sBKisxhgaeUdIEVcDAT7QHKfvM/5MpoyN0by4rj3SuTUwyADnKFpTrs4MIUtcQDJgkHNIKaQJiCN+/DY+9faWRxCXDev/xz4Qfjz/DuzZBeaELx3vb1O+GP4q+0y/zBUhAkzpRm/fY1we6z/AYMOMILckJTOcCQxtuxZuq5YTR4kKL1zlWP/cG9QK+83F/iS9EEgZnqLvZIYJJvdDR8WGMWnFFViCPZFbOPck9cjhPfRDdpPdLaw5qGttacK+eHkF8B84JF4Qw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR11MB4337.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(376002)(366004)(396003)(39860400002)(346002)(136003)(451199015)(478600001)(966005)(54906003)(76116006)(66446008)(66476007)(64756008)(71200400001)(4326008)(8676002)(66556008)(66946007)(66899015)(5660300002)(186003)(52536014)(122000001)(30864003)(15650500001)(6506007)(9686003)(66574015)(7696005)(7416002)(2906002)(53546011)(8936002)(41300700001)(83380400001)(86362001)(55016003)(38100700002)(316002)(6916009)(38070700005)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Cd/MV5QN5+9CGG8PXZMP3PtoVgd85O551RGCXqoSNZL3sY+hdhYMM7mLRXDvLJBliI6f+P/U8Xf3BUArK1TiwORcbNLWIqn6ouOQTMRW857DpAFAhD0LJS/OlFIbk2mTh6SiRS9zi4D2SjOTu71oyw5o2v4DPdXwbUH6D6trQqYxO/0A933ovUZdhG3dEuy4+aHybSnJiSmoaCg4s+Uhsm5oJk/a+MqbMCmBUA/2KrT4pKC1nM9CytuQNIrag3mSvOAzsKYlcdohqCtKHOEbDvYe2mEZkM0+qk6b+Yu+9i4sCmo11e8nTg16thUquzbuxWJiS/teozQPThAcjmbxyStYUHpM145S/tJQnBm7aSdYzGb+5pCtNukb9y43AZpOhBsgE74or/u2UvH0Lu37HF7VGpzjlbs9p35eiEuAwr582GmGv5gtZi54J+21a4MycqpN0dRBJ8Eosq2JLm5iYWWavLkjMlWO+/eGzgyxXh/0fWSn8SaNsHJQzLGcYe+vXETNjpy4j2fQxw5nxEiqx89hfToVq0DRbpUu07gJx1TC/v2tnwfIq14a+A/Qu1yA8NOgPuf58x8rnfhIXktxZ4uoZyjc2Fj6iLK+d4GxeSaO3sbUK0nRgES9ohpTgGy1D6/34AtgQYtCO2RORvmevp7lrgp+8amedjY53fGs+70qt3lkheCa2IaEoVLS9cI9fP0SdX9M7BM8RNQeGgre0TyFhQb+3o0tWDVVhky3GK+cH0onfMaBcoHb440nCvi31ngUHVE/vodzb2i1Y2rTfIHBZwU80b1OIpuBHQPfIe00kxCESuUOGtC8dAMLazc03gRClG9Fr7pet371Quq75vTv1I6Cr3849rRKJ2DXCla4JzX/zBHIadRWUBJ5YDYexT0WEpJsSn4f4zgfU5rJRGAwLq2zD7lbCQULmr2DROzamEPM1PaLyVEV1TLIh+LkjKczStcnPQRv+b0q08nPLDJ/JPHR4fyffoLdbnBXic4pRic/76GHiSgYJM5Sjb65fZKD+wBbWotQufV/7eB2tFe2BZKHYBZ+2xPktHGfC1PekovLqyxpTXR+PzCcBiWWIFxBtLZaFK73KTe7vVxHTWcrJfthdaAaCnsUSX7/p5JTlEae3q2C6K2GVjYbUFVFYhYFrpNqvCv4xHveBiTrNWcwGhmCjd93llKhCDy5f5rNJj3S9jOdKqbN70cfqjE3GNtTzunsPd3BBZ1dvMBH6mRVhrSLPA6egJncrJNk3+pxpODt8Q2Op1GSf9SCUnrp/gtN6yAt92cClKjeYoOl2YvxEQpSy2x49qh5sSu56hoVWXgu5Mt7Ou+T82ymXhPk+SbuQ2Sb2wHA/RFuAVNA1Hco1MDnGc9obKzqiTcHCvCndO4Gdu+EpJDlz8VUIQxGbJ+toUkmPltWIYBYmukHpuQI6ecTdfHS7dgJ+JVjI+JLAofNtKD+tAFswp7m4xeX0uMEvr8Mfz8xtWJ+LsNKFB0pXwJpZFdreQPAGmHruyJzFaJbP2PAEDJ9IZnOCw1xme/nItqESDtvA7RsGvfH5F7wrwzQYjulvvs+sE/EWJa8YcAm7AwKJaMOvg5VeNtJLafEmdfFg62pHvp6OS0OEXVyyPvOJqoYVxADczTPVbnUIGf2pazBn4rjeRualcf0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB4337.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 293ec900-6e0a-4a65-993f-08daa640adb7
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2022 19:43:14.8329 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fff7C1xQxzfamlO04wZWIBULz2inKXWS15qPPJfwo62BnK432400TpV5wBR+JdYW56S1CDg9yIBnea/WZ4mE7g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB5679
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.135.122, xfe-aln-002.cisco.com
X-Outbound-Node: rcdn-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/pggEpa527uv0-C1YZRjA5lmnuvQ>
Subject: Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery-security-support-11: (with DISCUSS and COMMENT)
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2022 19:43:26 -0000
John - So you are suggesting that Section 4 of the draft be modified to say: "This introduction of additional sub-TLVs should be viewed as an exception to the [RFC5088][RFC5089] policy, justified by the requirement to discover the PCEP security support prior to establishing a PCEP session. The restrictions defined in [RFC5089][RFC5089] should still be considered to be in place. If in the future new advertisements are required, alternative mechanisms such as using [RFC6823] or https://datatracker.ietf.org/doc/draft-ietf-lsr-ospf-transport-instance/ should be considered." (or similar...) I am fine with that. Les > -----Original Message----- > From: John Scudder <jgs@juniper.net> > Sent: Tuesday, October 4, 2022 12:31 PM > To: Les Ginsberg (ginsberg) <ginsberg@cisco.com> > Cc: Acee Lindem (acee) <acee@cisco.com>; Lars Eggert <lars@eggert.org>; > The IESG <iesg@ietf.org>; draft-ietf-lsr-pce-discovery-security- > support@ietf.org; lsr-chairs@ietf.org; lsr <lsr@ietf.org>; pce@ietf.org; > Hannes Gredler <hannes@gredler.at>; JP Vasseur (jvasseur) > <jvasseur@cisco.com>; meral.shirazipour@polymtl.ca; Adrian Farrel > <adrian@olddog.co.uk> > Subject: Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery- > security-support-11: (with DISCUSS and COMMENT) > > Hi Les, > > Thanks, that’s helpful. One comment, regarding > > > Hard for me to justify modifying RFC 5088/5089 simply to add a pointer to > GENINFO/OSPF-GT even if such an addition might be relevant. > > what I was actually suggesting was that the paragraph in draft-ietf-lsr-pce- > discovery-security-support could be updated to add the pointer. Since draft- > ietf-lsr-pce-discovery-security-support formally updates RFCs 5088/5089, > that would establish at least some mechanism less unreliable than trolling > through old mailing lists, to help a new implementor find this old history, > while still not requiring us to do the heavy lift of bis’ing 5088/5089 (which I > agree would be crazy to do just for this). > > —John > > > On Oct 4, 2022, at 3:24 PM, Les Ginsberg (ginsberg) <ginsberg@cisco.com> > wrote: > > > > John - > > > > Thanx for finding the old email thread. > > Folks also might want to look at this thread: > https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/lsr/Nhe > zQqKwIvHK_9dDUmW0iuhyjDA/__;!!NEt6yMaO-gk!BsexV0igrfCC6797R- > 5WEj654ycPt6DwvDJJ9cKMToAWSjm6GzCfKem3ylr0c4DezgdzY3N-mB2epg$ > > > > In summary, I raised these points when the draft was adopted - but > eventually agreed to allow the draft to go forward. > > > > The intent of the restrictions in RFC5088/5089 is to discourage carrying > additional "non-routing" information in the IGPs. > > The practical matter in this case is that trying to advertise the additional > information using some other mechanism is quite costly and awkward. The > fact that the additional information are sub-sub-TLVs of the PCED sub-TLV > speaks to the coupling of the new information with the existing information. > > > > I think we want to keep restrictions in place so as to discourage new > advertisements, but recognize that we compromise when it seems practical. > This isn’t ideal - and I understand why Lars would want to discuss this - but I > don't have a cleaner solution. > > The fact that we introduced PCE advertisements into the IGPs in the first > place makes it difficult to adhere to the restrictions for PCE related > advertisements. > > > > Section 4 of the draft states: > > > > "This introduction of additional sub-TLVs should be viewed as an exception > to the [RFC5088][RFC5089] policy, justified by the requirement to discover > the PCEP security support prior to establishing a PCEP session. The > restrictions defined in [RFC5089][RFC5089] should still be considered to be in > place." > > > > which is an accurate summary. > > > > Hard for me to justify modifying RFC 5088/5089 simply to add a pointer to > GENINFO/OSPF-GT even if such an addition might be relevant. > > > > Les > > > >> -----Original Message----- > >> From: John Scudder <jgs@juniper.net> > >> Sent: Tuesday, October 4, 2022 11:16 AM > >> To: Acee Lindem (acee) <acee@cisco.com> > >> Cc: Lars Eggert <lars@eggert.org>; The IESG <iesg@ietf.org>; draft-ietf- > lsr- > >> pce-discovery-security-support@ietf.org; lsr-chairs@ietf.org; lsr > >> <lsr@ietf.org>; pce@ietf.org; Hannes Gredler <hannes@gredler.at>; Les > >> Ginsberg (ginsberg) <ginsberg@cisco.com>; JP Vasseur (jvasseur) > >> <jvasseur@cisco.com>; meral.shirazipour@polymtl.ca; Adrian Farrel > >> <adrian@olddog.co.uk> > >> Subject: Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery- > >> security-support-11: (with DISCUSS and COMMENT) > >> > >> Hi Acee, > >> > >> Thanks. I have a few followups (addressed to the WG at large, not just > you). > >> > >> First, your point relates to OSPF. In the mail thread I cited, Les is talking > about > >> IS-IS. Are the concerns there similar? > >> > >> Second, you say "For non-routing information or advertising more > >> information without impacting unicast routing, I'd recommend OSPF-GT”. > >> That seems similar to Les’s advice (in > >> https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/isis- > wg/-__;!!NEt6yMaO-gk!BsexV0igrfCC6797R- > 5WEj654ycPt6DwvDJJ9cKMToAWSjm6GzCfKem3ylr0c4DezgdzY3NUtSlhyQ$ > >> YjCC5vzHkBY4aVWLJGP2w5OJHM/) to use IS-IS GENINFO (RFC 6823). I can > >> see that extending the PCED (sub-)TLV was the most obvious and > expedient > >> thing to do, but was it the right thing? I’m thinking about your advice and > >> Les’s, to use the generalized/generic transport options instead — was > that > >> option considered/discussed, or had everyone forgotten about the > “please > >> use GENINFO” suggestion by the time work on this draft began (after all, > >> more than ten years after the base document was developed)? (I don’t > see > >> evidence in a review of the mailing list archives that this was ever > considered, > >> but I might have missed something.) > >> > >> Third, if indeed the restriction in question is no longer relevant, is this > >> paragraph in the new spec really needed or even appropriate? > >> > >> This introduction of additional sub-TLVs should be viewed as an > >> exception to the [RFC5088][RFC5089] policy, justified by the > >> requirement to discover the PCEP security support prior to > >> establishing a PCEP session. The restrictions defined in > >> [RFC5089][RFC5089] should still be considered to be in place. > >> > >> Maybe it should just get rid of the restriction completely! On the other > hand, > >> if it *is* appropriate to leave that paragraph in, maybe it should be a little > >> more helpful, by mentioning IS-IS GENINFO and OSPF-GT as being the > >> preferred options for any future work, so that next time we are less likely > to > >> have the same oversight? > >> > >> Thanks, > >> > >> —John > >> > >>> On Oct 4, 2022, at 1:52 PM, Acee Lindem (acee) <acee@cisco.com> > wrote: > >>> > >>> Speaking as long-time LSR/OSPF WG Member and Co-author of RFC 4970 > >> and RFC 7770: > >>> > >>> When RFC 5088 was being standardized, there was concern over both > >> advertising non-routing information in OSPF and exceeding the maximum > >> size of an OSPF Router Information LSA which was limited to a single LSA > >> instance per OSPF router (RFC 4970). The controversial statement below > was > >> added to assuage these concerns. With the publication of RFC 7770, an > OSPF > >> router can advertise multiple Router Instance LSAs with different instance > >> IDs. At the same time, we have evolved to using Router Instance LSAs for > >> limited capability information associated with routing applications (e.g., > PCE). > >> For non-routing information or advertising more information without > >> impacting unicast routing, I'd recommend OSPF-GT > >> (https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft- > ietf- > >> lsr-ospf-transport-instance/__;!!NEt6yMaO- > >> > gk!F84pVCWbzGhoRsiBwEaOLHv7h4wykjYtXlrBXBrhnhZHtCGHtry0Z17ASBG2 > >> PUMF_yYzechg$ ). > >>> > >>> Thanks, > >>> Acee > >>> > >>> On 10/4/22, 1:29 PM, "John Scudder" <jgs@juniper.net> wrote: > >>> > >>> Hi Everyone, > >>> > >>> +Adrian since he appears to have been the shepherd for RFC 5088, > which > >> is the root of Lars’ DISCUSS. > >>> +Hannes, Les, JP, Meral as people who may have more context on the > >> question > >>> > >>> Since I haven’t seen any replies to this DISCUSS yet I did a little digging. > >> The text in question: > >>> > >>> No additional sub-TLVs will be added to the PCED TLV in the future. > >>> If a future application requires the advertisement of additional PCE > >>> information in OSPF, this will not be carried in the Router > >>> Information LSA. > >>> > >>> Was introduced in draft-ietf-pce-disco-proto-ospf-07, September 2007. > >> Checking in the archives, I see one relevant mail thread: > >> > https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/pce/UE > >> Rk8vF5e7cFQoblkDAVA74Ojh0/__;!!NEt6yMaO- > >> > gk!F84pVCWbzGhoRsiBwEaOLHv7h4wykjYtXlrBXBrhnhZHtCGHtry0Z17ASBG2 > >> PUMF_994CNrH$ is the beginning, but then it seems to have been > indexed > >> wrong so you should continue from here: > >> https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/isis- > >> wg/BpUVKsjr46ha9kbF3jwgKyymEBo/__;!!NEt6yMaO- > >> > gk!F84pVCWbzGhoRsiBwEaOLHv7h4wykjYtXlrBXBrhnhZHtCGHtry0Z17ASBG2 > >> PUMF_4C7YoXF$ to pick up Les’s reply as well. There are four relevant > >> messages in total, from Meral Shirazipour, JP Vasseur, Hannes Gredler, > and > >> Les Ginsberg. > >>> > >>> Rather than try to summarize I’m going to ask people to go look at the > >> short mail thread for themselves. Perhaps this will jog people’s memories > >> enough to allow a discussion on why we’re opening a registry for new > code > >> points that was explicitly defined as being closed. > >>> > >>> Thanks, > >>> > >>> —John > >>> > >>>> On Sep 30, 2022, at 8:27 AM, Lars Eggert via Datatracker > >> <noreply@ietf.org> wrote: > >>>> > >>>> > >>>> Lars Eggert has entered the following ballot position for > >>>> draft-ietf-lsr-pce-discovery-security-support-11: Discuss > >>>> > >>>> When responding, please keep the subject line intact and reply to all > >>>> email addresses included in the To and CC lines. (Feel free to cut this > >>>> introductory paragraph, however.) > >>>> > >>>> > >>>> Please refer to > >> > https://urldefense.com/v3/__https://www.ietf.org/about/groups/iesg/stat > >> ements/handling-ballot-positions/__;!!NEt6yMaO- > >> gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt8J-BPa3$ > >>>> for more information about how to handle DISCUSS and COMMENT > >> positions. > >>>> > >>>> > >>>> The document, along with other ballot positions, can be found here: > >>>> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft- > ietf- > >> lsr-pce-discovery-security-support/__;!!NEt6yMaO- > >> gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt2I779yk$ > >>>> > >>>> > >>>> > >>>> ---------------------------------------------------------------------- > >>>> DISCUSS: > >>>> ---------------------------------------------------------------------- > >>>> > >>>> # GEN AD review of draft-ietf-lsr-pce-discovery-security-support-11 > >>>> > >>>> CC @larseggert > >>>> > >>>> ## Discuss > >>>> > >>>> ### Section 4, paragraph 3 > >>>> ``` > >>>> Section 4 of [RFC5088] states that no new sub-TLVs will be added to > >>>> the PCED TLV, and no new PCE information will be carried in the > >>>> Router Information LSA. This document updates [RFC5088] by > allowing > >>>> the two sub-TLVs defined in this document to be carried in the PCED > >>>> TLV advertised in the Router Information LSA. > >>>> > >>>> Section 4 of [RFC5089] states that no new sub-TLVs will be added to > >>>> the PCED TLV, and no new PCE information will be carried in the > >>>> Router CAPABLITY TLV. This document updates [RFC5089] by allowing > >>>> the two sub-TLVs defined in this document to be carried in the PCED > >>>> TLV advertised in the Router CAPABILITY TLV. > >>>> > >>>> This introduction of additional sub-TLVs should be viewed as an > >>>> exception to the [RFC5088][RFC5089] policy, justified by the > >>>> requirement to discover the PCEP security support prior to > >>>> establishing a PCEP session. The restrictions defined in > >>>> [RFC5089][RFC5089] should still be considered to be in place. > >>>> ``` > >>>> (This is mostly for discussion on the telechat, and I expect to clear > >>>> during the call.) > >>>> > >>>> Why were 5088/89 so strict on not allowing new sub-TLVs? This seems > >>>> quite unusual for IETF specs. I'm not arguing that this document > >>>> can't update those earlier RFCs to allow these new sub-TLVs, but it > >>>> seems odd to do so and in the same sentence say "the restrictions > >>>> should still be considered in place." > >>>> > >>>> ### Section 8.2, paragraph 1 > >>>> ``` > >>>> The PCED sub-TLVs were defined in [RFC5088] and [RFC5089], but they > >>>> did not create a registry for it. This document requests IANA to > >>>> create a new registry called "PCED sub-TLV type indicators" under the > >>>> "Interior Gateway Protocol (IGP) Parameters" grouping. The > >>>> registration policy for this registry is "IETF Review" [RFC8126]. > >>>> Values in this registry come from the range 0-65535. > >>>> ``` > >>>> Should the registration policy not be stricter (e.g., Standards > >>>> Action?) given that 5088/89 didn't even allow any new values? > >>>> > >>>> > >>>> ---------------------------------------------------------------------- > >>>> COMMENT: > >>>> ---------------------------------------------------------------------- > >>>> > >>>> ## Comments > >>>> > >>>> ### Inclusive language > >>>> > >>>> Found terminology that should be reviewed for inclusivity; see > >>>> https://urldefense.com/v3/__https://www.rfc- > >> editor.org/part2/*inclusive_language__;Iw!!NEt6yMaO- > >> gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt1fwrlFS$ for > >> background and more > >>>> guidance: > >>>> > >>>> * Term `master`; alternatives might be `active`, `central`, `initiator`, > >>>> `leader`, `main`, `orchestrator`, `parent`, `primary`, `server` > >>>> * Term `man`; alternatives might be `individual`, `people`, `person` > >>>> > >>>> ## Nits > >>>> > >>>> All comments below are about very minor potential issues that you > may > >> choose to > >>>> address in some way - or ignore - as you see fit. Some were flagged by > >>>> automated tools (via > >> https://urldefense.com/v3/__https://github.com/larseggert/ietf- > >> reviewtool__;!!NEt6yMaO-gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjtxqHvOEf$ ), so there > >>>> will likely be some false positives. There is no need to let me know > what > >> you > >>>> did with these suggestions. > >>>> > >>>> ### URLs > >>>> > >>>> These URLs in the document can probably be converted to HTTPS: > >>>> > >>>> * > >> > https://urldefense.com/v3/__http://www.unicode.org/unicode/reports/tr3 > >> 6/__;!!NEt6yMaO-gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt9o1UwDk$ > >>>> > >>>> ### Grammar/style > >>>> > >>>> #### "Abstract", paragraph 1 > >>>> ``` > >>>> for OSPF and IS-IS respectively. However these specifications lack a > >> method > >>>> ^^^^^^^ > >>>> ``` > >>>> A comma may be missing after the conjunctive/linking adverb > "However". > >>>> (Also elsewhere.) > >>>> > >>>> #### Section 1, paragraph 5 > >>>> ``` > >>>> ry" instead of the "IGP registry" where as [RFC8623] and [RFC9168] > uses > >> the > >>>> ^^^^^^^^ > >>>> ``` > >>>> Did you mean "whereas"? > >>>> > >>>> #### Section 3.2.2, paragraph 3 > >>>> ``` > >>>> string to be used to identify the key chain. It MUST be encoded using > UTF- > >> 8. > >>>> ^^^^^^^^^ > >>>> ``` > >>>> This word is normally spelled as one. (Also elsewhere.) > >>>> > >>>> #### Section 5, paragraph 4 > >>>> ``` > >>>> enable a man-in-the-middle attack. Thus before advertising the PCEP > >> security > >>>> ^^^^ > >>>> ``` > >>>> A comma may be missing after the conjunctive/linking adverb "Thus". > >>>> > >>>> ## Notes > >>>> > >>>> This review is in the ["IETF Comments" Markdown format][ICMF], You > can > >> use the > >>>> [`ietf-comments` tool][ICT] to automatically convert this review into > >>>> individual GitHub issues. Review generated by the [`ietf- > reviewtool`][IRT]. > >>>> > >>>> [ICMF]: https://urldefense.com/v3/__https://github.com/mnot/ietf- > >> comments/blob/main/format.md__;!!NEt6yMaO- > >> gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt8uPawyE$ > >>>> [ICT]: https://urldefense.com/v3/__https://github.com/mnot/ietf- > >> comments__;!!NEt6yMaO-gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjtxU9hxDt$ > >>>> [IRT]: > https://urldefense.com/v3/__https://github.com/larseggert/ietf- > >> reviewtool__;!!NEt6yMaO-gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjtxqHvOEf$ > >>>> > >>> > >>> > >
- [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce… Lars Eggert via Datatracker
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… John Scudder
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… Acee Lindem (acee)
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… John Scudder
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… Les Ginsberg (ginsberg)
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… John Scudder
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… Les Ginsberg (ginsberg)
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… Adrian Farrel
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… Adrian Farrel
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… Acee Lindem (acee)
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… Dhruv Dhody
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… Acee Lindem (acee)
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… John Scudder
- Re: [Lsr] [Pce] Lars Eggert's Discuss on draft-ie… Dhruv Dhody
- Re: [Lsr] [Pce] Lars Eggert's Discuss on draft-ie… John Scudder
- Re: [Lsr] [Pce] Lars Eggert's Discuss on draft-ie… John Scudder
- Re: [Lsr] [Pce] Lars Eggert's Discuss on draft-ie… Dhruv Dhody
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… John Scudder
- Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr… Lars Eggert