[Pce] PCE WG Last Call - draft-ietf-pce-pceps-04

t.p. <daedulus@btconnect.com> Wed, 04 November 2015 17:57 UTC

Message-ID: <00bb01d1172a$1fcc4100$4001a8c0@gateway.2wire.net>
From: "t.p." <daedulus@btconnect.com>
To: Dhruv Dhody <dhruv.dhody@huawei.com>, DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>, Dhruv Dhody <dhruv.ietf@gmail.com>
References: <23CE718903A838468A8B325B80962F9B8C435C02@BLREML509-MBX.china.huawei.com>
Date: Wed, 04 Nov 2015 17:55:14 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/pce/57INzsFig8qlk9lyfx4E74A51uA>
Cc: pce@ietf.org
Subject: [Pce] PCE WG Last Call - draft-ietf-pce-pceps-04

s.3 At first, I was unsure whether or not both parties sent a StartTLS.
"The StartTLS message is a PCEP message sent by a PCC to a PCE and by
   a PCE to a PCC " suggests both
"Once the TCP connection has been successfully established, the first
   message sent by the PCC to the PCE or  by the PCE to the PCC MUST be a
   StartTLS message " suggests only one.
Section 3.3 makes it clearer that both send it.  This is fine but I am
unaware of any other protocol where this happens so I would suggest
/or/and/ in that second sentence and expanding the earlier sentence
OLD
   2.  Initiating the TLS Procedures by the StartTLS message.
NEW
   2.  Initiating the TLS Procedures by the StartTLS message from PCE to
       PCC and from PCC to PCE.

I focus on this because I was also looking to see which became TLS
Client.  TLS is asymmetric, designed to authenticate a (HTTP) server to
a client.  Netconf (and SNMP), which I know better, struggled with this
because the key for Netconf is to authenticate the client to the server,
which TLS does not do so well. Posts on the TLS list suggest that there
are very few implementations of TLS client authentication, rather
something else is done once the secure channel has been established.

So, do you care who is TLS client and who TLS server?  It will be
interesting to see a security review of this.

In passing, RFC7465 prohibits RC4 with TLS so I would think it unlikely that
"SHOULD support  TLS_RSA_WITH_RC4_128_SHA"  will be acceptable.

Tom Petch

----- Original Message -----
> On Oct 8, 2015 18:57, "JP Vasseur (jvasseur)" <jvasseur@cisco.com> wrote:
> Dear WG,
>
> This starts a 2-week WG Last Call on draft-ietf-pce-pceps-04, ending
> on Oct 23 at noon ET. Please send your comments to the authors and copy
> the list.
>
>