Re: [mpls] MPLS-RT review of draft-farrelll-mpls-opportunistic-encrypt-04.txt

"Lizhong Jin" <lizho.jin@gmail.com> Sun, 17 May 2015 16:09 UTC


Hi all,
I reviewed draft-farrelll-mpls-opportunistic-encrypt-04 as a member of the MPLS Review Team.
I am not a security expert, so I reviewed the draft from the MPLS feasibility point of view,
and think the document is useful and technically sound. I have several questions, and would
appreciate resolving them before WG adoption.

Section 2.1, the scale of configuration that is needed for a full set of SAs between all 
communicating parties
[Lizhong] The acronym "SA" needs to be expanded: security association?

Section 3, Everything that follows the control word is the entire original MPLS packet encrypted.
[Lizhong] Also for Figure 1: in the PHP case, the original MPLS packet will not have a label. If the
packet is also encrypted and encapsulated after the control word, then how can the packet be parsed
correctly? The control word will not tell whether the following payload is MPLS or IP.

Section 3, The payload is the data carried by the MPLS packet (such as IP) and may be prefixed 
by a control word.
[Lizhong] If the control word is optional, then do we need any negotiation mechanism to enable
the control word or not?

When decrypting at the egress LER, the TTL&TC processing of the first decrypted label should be
a bit different from the previous mechanism. The TTL&TC value may need to be inherited from the label
before the MEL in uniform mode.

Regards
Lizhong
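As an added illustration of the two points raised above (not code from the draft or its authors): a constructed egress-side model in which the bytes after the MEL are [control word][encrypted original packet], the "cipher" is an XOR placeholder so only framing matters, and uniform-mode TTL/TC inheritance from the label before the MEL is an assumption based on the reviewer's suggestion, not the draft's text.

```python
# Constructed example, not from the draft. Shows (1) that a first-nibble guess at the
# decrypted payload cannot separate bare IP (PHP case) from a labelled MPLS packet, and
# (2) uniform-mode TTL/TC inheritance for the first decrypted label (assumed behaviour).
import struct

def label_entry(label, tc, s, ttl):
    """Encode one MPLS label stack entry (label 20 bits, TC 3, S 1, TTL 8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)

def parse_entry(data):
    v = struct.unpack("!I", data[:4])[0]
    return {"label": v >> 12, "tc": (v >> 9) & 7, "s": (v >> 8) & 1, "ttl": v & 0xFF}

def guess_payload_type(payload):
    """Naive classifier: first nibble 4 -> IPv4, 6 -> IPv6, anything else -> MPLS.
    This is all an egress LER has when nothing signals the payload type."""
    return {4: "ipv4", 6: "ipv6"}.get(payload[0] >> 4, "mpls")

def toy_cipher(blob):
    return bytes(b ^ 0x5A for b in blob)  # symmetric placeholder, NOT a real cipher

def egress_process(label_before_mel, after_mel, uniform=True):
    """Decrypt what follows the MEL; return (guessed type, first decrypted label or None).
    In uniform mode the first decrypted label inherits TTL/TC from the label that
    preceded the MEL (assumption modelled on the review's suggestion)."""
    control_word, ciphertext = after_mel[:4], after_mel[4:]
    payload = toy_cipher(ciphertext)
    guess = guess_payload_type(payload)
    if guess != "mpls":
        return guess, None
    inner = parse_entry(payload)
    if uniform:
        prev = parse_entry(label_before_mel)
        inner["ttl"], inner["tc"] = prev["ttl"], prev["tc"]
    return guess, inner

# Constructed packets. Label 0x45000 is a legal label whose first byte is 0x45,
# the same first byte as an IPv4 header with IHL 5.
CW = b"\x00\x00\x00\x00"
OUTER = label_entry(16, tc=3, s=0, ttl=40)                   # label before the MEL
IPV4 = bytes([0x45, 0x00, 0x00, 0x3C]) + bytes(16)           # PHP case: bare IP
LABELLED = label_entry(16, 0, 1, 64) + IPV4                  # normal labelled packet
LOOKALIKE = label_entry(0x45000, 0, 1, 64) + IPV4            # MPLS that looks like IPv4

def demo():
    """Guessed payload type for each constructed packet after decryption."""
    return {name: egress_process(OUTER, CW + toy_cipher(pkt))[0]
            for name, pkt in (("ipv4", IPV4), ("labelled", LABELLED), ("lookalike", LOOKALIKE))}
```

The "lookalike" packet is misclassified as IPv4, which is the parsing ambiguity the review asks about; the labelled packet shows the inherited TTL/TC.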


> -----Original Message-----
> From: Loa Andersson [mailto:loa@pi.nu]
> Sent: 4 May 2015 2:40
> To: David Allan I; Mach Chen; Lizhong Jin; Kamran Raza (skraza)
> Cc: draft-farrelll-mpls-opportunistic-encrypt@tools.ietf.org;
> mpls-chairs@tools.ietf.org
> Subject: MPLS-RT review of draft-farrelll-mpls-opportunistic-encrypt-04.txt
> 
> Dave, Mach, Lizhong and Kamran,
> 
> 
> You have been selected as MPLS-RT reviewers for
> draft-farrelll-mpls-opportunistic-encrypt.
> 
> Note to authors: You have been CC'd on this email so that you can know that
> this review is going on. However, please do not review your own document.
> 
> Note to the reviewers: I understand that this document is very much on the
> "security side of the house", however I will also reach out to the Sec-Dir for a
> more security biased review.
> This should not stop you from commenting on security aspects of the draft, but
> if you feel like it I'm comfortable with a "normal MPLS-RT review", responding
> to questions below.
> 
> Reviews should comment on whether the document is coherent, whether it is useful (i.e.,
> is it likely to be actually useful in operational networks), and whether the document is
> technically sound. We are interested in knowing whether the document is
> ready to be considered for WG adoption (i.e., it doesn't have to be perfect at this
> point, but should be a good start).
> 
> Reviews should be sent to the document authors, WG co-chairs and WG
> secretary, and CC'd to the MPLS WG email list. If necessary, comments may be
> sent privately to only the WG chairs.
> 
> If you have technical comments you should try to be explicit about what
> *really* needs to be resolved before adopting it as a working group document,
> and what can wait until the document is a working group document and the
> working group has the revision control.
> 
> Are you able to review this draft by May 17, 2015? Please respond in a timely
> fashion.
> 
> 
> Thanks, Loa
> (as MPLS WG chair)
> 
> 
> --
> 
> 
> Loa Andersson                        email: loa@mail01.huawei.com
> Senior MPLS Expert                          loa@pi.nu
> Huawei Technologies (consultant)     phone: +46 739 81 21 64