Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-02.txt

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Mon, 30 September 2019 04:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/wIyqKctiNMueBo8qx6ZkH3Hqe4Y>

Qin -

Apologies for the tardy response. I was on vacation when you sent the update - and it has taken me a while to catch up.

I would agree with Adrian that the new version is a significant improvement - but there are still two points of concern for me.

1) Although you now mention the restrictions in RFC 5088/5089 against further IGP extensions, you do not reinforce that this restriction should still be considered to be in place after the allowance of the two additional exceptions. Something to the effect of:

OLD

" Section 4 of [RFC5089] states that no new sub-TLVs will be added to
   the PCED TLV, and no new PCE information will be carried in the
   Router CAPABLITY TLV.  This document updates [RFC5089] by allowing
   the two new sub-TLVs defined in this document to be carried in the
   PCED TLV of the for use in the Router CAPABILITY TLV."

NEW

" Section 4 of [RFC5089] states that no new sub-TLVs will be added to
   the PCED sub-TLV, and no new PCE information will be carried in the
   Router CAPABLITY TLV.  This document updates [RFC5089] by allowing
   the two new sub-TLVs defined in this document to be carried in the
   PCED TLV of the for use in the Router CAPABILITY TLV. The introduction of
  the additional sub-TLVs should be viewed as an exception to the [RFC5089] policy
  justified by the need to know the new information prior to establishing a PCEP session.
  The restrictions defined in  [RFC5089] should still
  be considered  to be in place."

2) I still do not know what position the PCE WG has regarding this work.

   Les


> -----Original Message-----
> From: Lsr <lsr-bounces@ietf.org> On Behalf Of Qin Wu
> Sent: Tuesday, September 03, 2019 4:03 AM
> To: lsr@ietf.org
> Subject: Re: [Lsr] I-D Action: draft-ietf-lsr-pce-discovery-security-support-02.txt
> 
> The v-02 is posted to address remaining comments on the list, thanks Adrian,
> Aijun, Les for comments and input.
> The diff is:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-lsr-pce-discovery-security-support-02
> 
> -Qin
> -----Original Message-----
> From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of
> internet-drafts@ietf.org
> Sent: 3 September 2019 18:58
> To: i-d-announce@ietf.org
> Cc: lsr@ietf.org
> Subject: I-D Action: draft-ietf-lsr-pce-discovery-security-support-02.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Link State Routing WG of the IETF.
> 
>         Title           : IGP extension for PCEP security capability support in the PCE discovery
>         Authors         : Diego R. Lopez
>                           Qin Wu
>                           Dhruv Dhody
>                           Michael Wang
>                           Daniel King
>         Filename        : draft-ietf-lsr-pce-discovery-security-support-02.txt
>         Pages           : 9
>         Date            : 2019-09-03
> 
> Abstract:
>    When a Path Computation Element (PCE) is a Label Switching Router
>    (LSR) participating in the Interior Gateway Protocol (IGP), or even a
>    server participating in IGP, its presence and path computation
>    capabilities can be advertised using IGP flooding.  The IGP
>    extensions for PCE discovery (RFC 5088 and RFC 5089) define a method
>    to advertise path computation capabilities using IGP flooding for
>    OSPF and IS-IS respectively.  However these specifications lack a
>    method to advertise PCEP security (e.g., Transport Layer
>    Security(TLS), TCP Authentication Option (TCP-AO)) support
>    capability.
> 
>    This document proposes new capability flag bits for PCE-CAP-FLAGS
>    sub-TLV that can be announced as attribute in the IGP advertisement
>    to distribute PCEP security support information.  In addition, this
>    document updates RFC 5088 and RFC 5089 to allow advertisement of Key
>    ID or Key Chain Name Sub-TLV to support TCP AO security capability.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lsr-pce-discovery-security-support/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-lsr-pce-discovery-security-support-02
> https://datatracker.ietf.org/doc/html/draft-ietf-lsr-pce-discovery-security-support-02
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-lsr-pce-discovery-security-support-02
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 