[Pce] Eric Rescorla's Discuss on draft-ietf-pce-rfc6006bis-03: (with DISCUSS)

Eric Rescorla <ekr@rtfm.com> Wed, 30 August 2017 23:41 UTC

From: Eric Rescorla <ekr@rtfm.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-pce-rfc6006bis@ietf.org, Jonathan Hardwick <jonathan.hardwick@metaswitch.com>, pce-chairs@ietf.org, jonathan.hardwick@metaswitch.com, pce@ietf.org
Message-ID: <150413650442.16888.3965748412519528441.idtracker@ietfa.amsl.com>
Date: Wed, 30 Aug 2017 16:41:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/D06qc1gd4ed3jwrswSpig918lSg>
Subject: [Pce] Eric Rescorla's Discuss on draft-ietf-pce-rfc6006bis-03: (with DISCUSS)

Eric Rescorla has entered the following ballot position for
draft-ietf-pce-rfc6006bis-03: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-pce-rfc6006bis/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

The Security Considerations section is worrisome, as it points to RFC 5440,
Section 10.2, which basically recommends TCP-MD5:

   At the time of writing, TCP-MD5 [RFC2385] is the only available
   security mechanism for securing the TCP connections that underly PCEP
   sessions.

   As explained in [RFC2385], the use of MD5 faces some limitations and
   does not provide as high a level of security as was once believed.  A
   PCEP implementation supporting TCP-MD5 SHOULD be designed so that
   stronger security keying techniques or algorithms that may be
   specified for TCP can be easily integrated in future releases.

   The TCP Authentication Option [TCP-AUTH] (TCP-AO) specifies new
   security procedures for TCP, but is not yet complete.  Since it is
   believed that [TCP-AUTH] will offer significantly improved security
   for applications using TCP, implementers should expect to update
   their implementation as soon as the TCP Authentication Option is
   published as an RFC.

   Implementations MUST support TCP-MD5 and should make the security
   function available as a configuration option.

TCP-AO has now been published as an RFC for quite some time, so it's
probably not really appropriate to just point to a document which recommends
TCP-MD5.