[Pce] Shepherd Review of draft-ietf-pce-pceps-tls13-01

"Andrew Stone (Nokia)" <andrew.stone@nokia.com> Wed, 27 September 2023 15:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/6QpUfKCNokDDiCkDHzzM7wWJHMU>

Hi authors of draft-ietf-pce-pceps-tls13,

I’ve been selected as the document shepherd for this draft.

Thank you for the work on this document. The direct references to draft-ietf-tls-rfc8446bis sections were useful and the document is well written.

From a quick peek at messages from [1], it seems like WGLC consensus was reached on draft-ietf-tls-rfc8446bis + some follow up discussions which appear to be resolved(?), thus draft-ietf-tls-rfc8446bis is also pending a Shepherd writeup. It seems both documents are in a similar state (?). Given the size and complexity differences I assume draft-ietf-tls-rfc8446bis will progress slower than this document (as hinted by the editor note in the introduction as well); is the plan to still continue with the bis as a normative reference?

Taking into consideration the outstanding review comments [2], [3], some additional comments/questions from reading -01:

# From ID NITS:

  *   >Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446)
     *   (Considering the use inside the document and what is intended by referencing it I believe this is okay, but still wanted to point out that it’s been picked up by the tool)

# Comments:

  *   Abstract: uses "TLS" abbreviation, should be changed to: "..PCEP messages with Transport Layer Security (TLS) 1.2..."
  *   I was similarly unclear, as Stephane was, regarding what this document updates for TLS 1.2 on RFC8253, but after going over it a few times, concluded this updates RFC8253 by bringing in RFC9325 recommendations and applying them to TLS 1.2 in the RFC8253 context. Is that the case? If so, it would be clearer in the introduction to make the point that RFC8253 TLS 1.2 usage is being updated with recommendations from RFC5246.
  *   The Editor Note in the Introduction should also remark on updating the appendix references in the document if the draft-ietf-tls-rfc8446bis normative reference is reduced to RFC8446.
  *   Section 3 paragraph 2 – Replace E.5 with F.5 for the bis reference (…not use early data without a profile..). E.5 is correct for rfc8446, but is F.5 in draft-ietf-tls-rfc8446bis.
  *   Similar question to Stephane's regarding why there is no reference to RFC8253 in the security considerations: is one required, and does this actually update the RFC8253 security considerations? As well, the second paragraph seems like it can be removed, as all it seems to do is re-describe what PCE/PCEP is without discussing the security considerations or any explicit consideration updates.

# Suggestion:

OLD:
Note that TLS 1.3 can be used without early data as per Appendix F.5 of [I-D.ietf-tls-rfc8446bis]. In fact, early data is permitted by TLS 1.3 only when the client and server share a Pre-Shared Key (PSK), either obtained externally or via a previous handshake.

NEW:
TLS 1.3 can be used without early data as per Appendix F.5 of [I-D.ietf-tls-rfc8446bis], and allows early data only if both the client and server possess a shared Pre-Shared Key (PSK) obtained externally or from a previous handshake.


Thanks
Andrew


[1] https://mailarchive.ietf.org/arch/browse/tls/?q=draft-ietf-tls-rfc8446bis
[2] https://mailarchive.ietf.org/arch/msg/pce/JmSlc7PT-ms120LXfrldyenG7Bc/
[3] https://mailarchive.ietf.org/arch/msg/pce/SCyLmChul8v27cf-C7EdwNqxfoQ/