Re: [Pce] Roman Danyliw's No Objection on draft-ietf-pce-applicability-actn-11: (with COMMENT)

Dhruv Dhody <dhruv.dhody@huawei.com> Thu, 16 May 2019 05:08 UTC

From: Dhruv Dhody <dhruv.dhody@huawei.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-pce-applicability-actn@ietf.org" <draft-ietf-pce-applicability-actn@ietf.org>, "pce@ietf.org" <pce@ietf.org>, "pce-chairs@ietf.org" <pce-chairs@ietf.org>
Thread-Topic: [Pce] Roman Danyliw's No Objection on draft-ietf-pce-applicability-actn-11: (with COMMENT)
Date: Thu, 16 May 2019 05:08:19 +0000
Message-ID: <23CE718903A838468A8B325B80962F9B8DA743EC@BLREML503-MBX.china.huawei.com>
References: <155794925207.30668.13964494723213698440.idtracker@ietfa.amsl.com>
In-Reply-To: <155794925207.30668.13964494723213698440.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/I7WUYrRkeQ5wo8snPqrtixIGCOk>
Subject: Re: [Pce] Roman Danyliw's No Objection on draft-ietf-pce-applicability-actn-11: (with COMMENT)

Hi Roman, 

Thanks for your comments. 

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> I appreciate all of the references to the various security considerations
> in Section 7.  My primary question in reading this section was “Does the
> use of PCE in an ACTN introduce any additional
> vulnerabilities/threats/residual risk and how is this addressed?” as this
> document was focused on the applicability of PCE in ACTN.
> 
> (1) I wasn’t sure how [RFC5440] and [RFC6952] were applying specifically
> to the ACTN use case.
> 
[[Dhruv Dhody]] RFC5440 talks about various attack vectors, access policies to PCEP which applies to ACTN as well. RFC6952 can be removed. How about this - 

   Various security considerations for PCEP are described in [RFC5440]
   and [RFC8253].  The security considerations stated in Section 10.1,
   Section 10.6, and Section 10.7 of [RFC5440] continue to apply to PCEP
   when it is used as an ACTN interface.  Further, this document lists
   various extensions of PCEP that are applicable, each of which specifies
   its own security considerations, which continue to apply here.

> (2) I wasn’t sure how to use the guidance in the third paragraph, “As per
> [RFC8453] …”.  It notes that [RFC8453] outlines both needed security
> properties and threats; and reiterates that [RFC8453] states that ACTN
> should have “rich security features”.  The link and relevance to PCE was
> not evident.
> 
[[Dhruv Dhody]] The next paragraph has - 

   When PCEP is used as an ACTN interface, the security of PCEP provided
   by Transport Layer Security (TLS) [RFC8253], as per the
   recommendations and best current practices in [RFC7525], is used.

I will merge this with the previous paragraph to link it and highlight the PCEP security feature. 

Working Copy: https://raw.githubusercontent.com/dhruvdhody-huawei/ietf/master/draft-ietf-pce-applicability-actn-12.txt
Diff: https://tools.ietf.org/rfcdiff?url1=draft-ietf-pce-applicability-actn-11&url2=https://raw.githubusercontent.com/dhruvdhody-huawei/ietf/master/draft-ietf-pce-applicability-actn-12.txt

Thanks! 
Dhruv
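The PCEP-over-TLS arrangement discussed in this thread (PCEPS per RFC 8253, with TLS parameters following RFC 7525), shown as an added example that is not part of the original message, the draft, or RFC 8253. The PCEP common header layout, TCP port 4189, and StartTLS as message type 13 with no objects come from RFC 5440 and RFC 8253; the specific OpenSSL cipher string, the mutual-authentication setting and the function names are this example's own assumptions, chosen to match RFC 7525's recommendations.

```python
"""PCEPS (RFC 8253) StartTLS gate plus an RFC 7525-style TLS context.

Added illustration for the thread above; not code from the draft, from
RFC 8253, or from the message authors.  Wire-format constants follow
RFC 5440 / RFC 8253; the cipher string and mutual-auth choice are
assumptions of this example.
"""
import ssl
import struct

PCEP_VERSION = 1
MSG_OPEN = 1        # RFC 5440 Open message
MSG_STARTTLS = 13   # RFC 8253 StartTLS message
PCEP_PORT = 4189    # RFC 8253 keeps PCEP's TCP port; StartTLS upgrades in-band


def common_header(msg_type, body_len=0):
    """RFC 5440 common header: Ver(3 bits)=1 | Flags(5) | Type(8) | Length(16).
    Length counts the 4-byte header itself."""
    return struct.pack("!BBH", PCEP_VERSION << 5, msg_type, 4 + body_len)


def starttls_message():
    """StartTLS carries no objects, so it is exactly the common header."""
    return common_header(MSG_STARTTLS)


def parse_common_header(data):
    if len(data) < 4:
        raise ValueError("truncated PCEP common header")
    ver_flags, msg_type, length = struct.unpack("!BBH", data[:4])
    if ver_flags >> 5 != PCEP_VERSION:
        raise ValueError("unsupported PCEP version %d" % (ver_flags >> 5))
    if length < 4:
        raise ValueError("PCEP length %d smaller than header" % length)
    return msg_type, length


def check_first_message(data):
    """Gate for the very first bytes on a new PCEPS connection, i.e. before
    any TLS protection exists.  RFC 8253 makes StartTLS the first message;
    anything else means a cleartext (possibly downgraded) session, which is
    refused instead of processed.  Returns the message type on success."""
    msg_type, length = parse_common_header(data)
    if msg_type != MSG_STARTTLS:
        raise PermissionError(
            "PCEP message type %d before StartTLS; refusing cleartext PCEP" % msg_type)
    if length != 4:
        raise ValueError("StartTLS must not carry objects")
    return msg_type


def accepts_first_message(data):
    """Boolean form of check_first_message for callers that only need a verdict."""
    try:
        check_first_message(data)
        return True
    except (ValueError, PermissionError):
        return False


def starttls_exchange(pcc_first, pce_first):
    """Both peers send StartTLS and each waits for the other's before the TLS
    handshake (PCC as TLS client, PCE as TLS server).  True when the
    handshake may begin; the Open message is only sent once TLS is up."""
    return accepts_first_message(pcc_first) and accepts_first_message(pce_first)


def pceps_tls_context(server, cafile=None, certfile=None, keyfile=None):
    """TLS context constrained along RFC 7525 lines (assumed mapping):
    no SSLv3/TLS 1.0/1.1, forward-secret AEAD suites only, peer certificate
    required on both sides."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server else ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # RFC 7525: MUST support 1.2, SHOULD NOT negotiate older
    ctx.verify_mode = ssl.CERT_REQUIRED            # assumption: mutual certificate authentication
    # Assumption: this OpenSSL string is the example's rendering of RFC 7525's
    # recommended suites; TLS 1.3 suites are governed separately and stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!DES")
    if cafile:
        ctx.load_verify_locations(cafile)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    print("StartTLS bytes:", starttls_message().hex())
    print("StartTLS first :", accepts_first_message(starttls_message()))
    print("Open first     :", accepts_first_message(common_header(MSG_OPEN)))
    ctx = pceps_tls_context(server=True)
    print("min TLS version:", ctx.minimum_version.name, "verify:", ctx.verify_mode.name)
```

The gate is the part that matters for the residual-risk question raised in the review: the StartTLS message itself travels in cleartext, so the only defence against a peer (or an on-path attacker) quietly continuing without TLS is refusing any non-StartTLS message before the handshake, and then requiring certificates from both PCE and PCC once it runs.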