Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery-security-support-11: (with DISCUSS and COMMENT)
"Acee Lindem (acee)" <acee@cisco.com> Wed, 05 October 2022 11:54 UTC
Return-Path: <acee@cisco.com>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A979C14F731; Wed, 5 Oct 2022 04:54:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.605
X-Spam-Level:
X-Spam-Status: No, score=-14.605 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=DkaCP9b8; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=zwjtKtqC
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LMVzYA8c385U; Wed, 5 Oct 2022 04:54:43 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77D11C14F730; Wed, 5 Oct 2022 04:54:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=28048; q=dns/txt; s=iport; t=1664970883; x=1666180483; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=QM9C3OzQpF9gtQCz381fqkwPSagQHvSbSrCQcETnqfY=; b=DkaCP9b8WOASBEtMKBYjXU0poo1WPTdsjZvEMAKpQLOKFd5t+Dx1EiTt 9eLQLl68F15MZccijAtZabAz1Skefu1QErxE2YgcFytzu+vIKNQ4hF1u/ Dv0k0DKDcu0jNVEt7VjEfb3Cvy3pB3xGEplwRNyLu6ccTpBqeVXqYnz3F 0=;
IronPort-PHdr: A9a23:Z9b9KxUUFEEku1iKst3WppEsPtXV8K36AWYlg6HPw5pCcaWmqpLlOkGXpfBgl0TAUoiT7fVYw/HXvKbtVS1lg96BvXkOfYYKW0oDjsMbzAAlCdSOXEv8KvOiZicmHcNEAVli+XzzMUVcFMvkIVPIpXjn5j8JERK5Pg1wdYzI
IronPort-Data: A9a23:FyiQZqPbtbCnwgTvrR3DlsFynXyQoLVcMsEvi/4bfWQNrUp20mcDz2dJDW6OPPjcNDb0eNl+Ot7i8R8D75GEndBnHXM5pCpnJ55oRWUpJjg4wn8dtEp+F+WbJK5cx5hYO4CowPwcFCeG/E/wa+a59BGQ6InRLlbCIL+cUsxObVcMpBcJ0XqPqsZh6mJaqYHR7zCl4bsel/bi1GqNgFaYBI67B5Wr83uDtNyq0N8RU8dXifpj5DcynFFNZH4TyD3YEpf2fmVUNrbSq+fr1rq1+CbS+A0gT43jmbfgeUpMSbnXVeSMoiMJAO753V4T/Wprj/lT2Pk0MS+7jx2AlN184N5Mrpe3DwwuO8UgncxNCkEITnonbfUuFLjvZCLXXdao50jLaXLohe5uDVs/L4wA/fttKXlJ8e0dNDRLZRnrr+K/xrS2UcFjnMkvKMTxeooD0ll4xjzxDPs6T9bEWaqizdtDxh8xi9xAW/HEaKIxbSF1KR/AahxVIX8WBY4w2uCyiRHXfydRpk7QpKcr7S3X1xY0yLPgddbUYdeNW8hPjwODq2nb5WXlE1QBKcSHziCZ2nOhmuGJmjn0MKoTGaa33v9nnFPVwXYcYDUSXEGgifS2hUOkR5RYMUN80ightoAw6UqqVtTnGRu1vBastxIGWtNWO+o+5A2Kxezf5ECEBQA5opRpADA9nNU9STpv3ViTkpa3Qzduq7aSD3ma89+pQfqJEXB9BQc/ieUsFGPpO+Xenbw=
IronPort-HdrOrdr: A9a23:3SJhnayhlvpLpg1cL4ShKrPxjuskLtp133Aq2lEZdPULSKKlfpGV88jziyWZtN9IYgBdpTiBUJPwJU81bfZOkMYs1MSZLXbbUQyTXc9fBOrZsnHd8kjFl9K1up0QC5SWZOeAb2SSyPyKnTVQcOxQgeVvkprY/ts2pk0FJWoBBsEQjDuRSDzraHGeLzM2YqbRYaDsn/av0ADQH0j/AP7LY0UtbqzmnZnmhZjmaRkJC1oM8w+Vlw6l77b8Dlyxwgoeeykn+8ZjzUH11yjCoomzufCyzRHRk0XJ6Y5NpdfnwtxfQOSRl8kuLCn2gArAXvUjZ1TChkF2nAic0idvrDD+mWZmAy210QKWQoiBm2qp5+An6kd215at8y7BvZKpm72GeNtzMbsxuWseSGqD16Ll1+sMjZ6iGAmixsBq5Fr77VfAD5KjbWAbqmOk5XUliuIdlHpZTM8Xb6JQt5UW+AdPHI4HBz+S0vFtLABCNrCU2B9tSyLTU1nJ+m10hNC8VHU6GRmLBkAEp8yOyjBT2HR01VERysATlmoJsMtVcegI283UdqBz0L1eRM4faqxwQO8HXMusE2TIBRbBKnibL1jrHLwOf3jNt5n06rMo4/zCQu1D8LIi3JDaFF9Iv287fEzjTcWIwZ1Q6xjIBH6wWDz8o/sukaSReoeMM4YDHRfzPGzGyfHQ0cn3KverLsqOBA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ByAABDbIJi/51dJa1QBAYdAQEBAQkBEgEFBQFAgTsIAQsBgVFSB3UCWDlDAgGES4NMA4RSX4UJXYIlA5BHinGBLBSBEQNUCwEBAQ0BATkJBAEBhQICFoUoAiU0CQ4BAgQBAQESAQEFAQEBAgEHBIEJE4VoDYZCAQEBAQMSEREMAQElBwsBCwQCAQgRBAEBAQICHwcCAgIwFQgIAgQBDQUJEgeCWwGCYwMxAQ6fZwGBPgKKH3qBMYEBgggBAQYEBIE3ARVBgn8YgjgJgRAsAYMThCmDEYFfgjMXEByCDYEUAScMEIJnPoJiAQECAYEoAQcEAQUCAQgINoMwN4IulUodOwMcOIEFEoEhcQEIBgYHCgUyBgIMGBQEAhMSUx4CEwUHCgYWDhQcJBkMDwMSAxEBBwILEggVLAgDAgMIAwIDIwsCAxgJBwoDHQgKHBIQFAIEEx8LCAMaHy0JAgQOA0MICwoDEQQDExgLFggQBAYDCS8NKAsDBQ8PAQYDBgIFBQEDIAMUAwUnBwMhBwsmDQ0EHAcdAwMFJgMCAhsHAgIDAgYXBgICcQooDQgECAQcHiUTBQIHMQUELwIeBAUGEQkCFgIGBAUCBAQWAgISCAIIJxsHFhkdGQEFXQYLCSMcLAsGBQYWAyYnKwYiARsCkjyDHQiBBAkBBQstAS0CEx82BCILDggQBB4tCRsIBBlGDBgCAQEIBQEYDgM6khEGgw1GijyNRZJ7CoNMixqNaAmBBoV5BC2DdYFPim+YJJZmIIIqiA2CUJRNC4R/AgQCBAUCDgEBBoFhPGlwcBU7KgGCPQlIGQ+OIAwWFYM7hRSFSnUCCy4CBgEKAQEDCY5SASeCIAEB
X-IronPort-AV: E=Sophos;i="5.91,230,1647302400"; d="scan'208";a="810853180"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 05 Oct 2022 11:54:41 +0000
Received: from mail.cisco.com (xfe-rcd-005.cisco.com [173.37.227.253]) by rcdn-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id 295BsfL4001149 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Wed, 5 Oct 2022 11:54:41 GMT
Received: from xfe-rtp-002.cisco.com (64.101.210.232) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Wed, 5 Oct 2022 06:54:40 -0500
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xfe-rtp-002.cisco.com (64.101.210.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Wed, 5 Oct 2022 07:54:40 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IdWkuAltu9Xd48/n+EvLK1a54c99biPK1KCfQurKk9Y2AptJ3AMCRvaEoqYSigQjVIMDpvUXdOCVr0JhUMPzV8a6wm1TX2TrhKODeR7VoYbHGiQ6v+nBnOFNE9X9be+7PvU/SOWueoBjCZk+iuiDdXGtGUgroIxJh1/zdXRhNdy9e41SxJBTdb4fQsdJx95LXFsWsHHF9RrAMfNsyobqr66U/8T1dAdjLxU/fZ6XrGsQV6391oxVgmV/+v6B/lQkBT2UckmylBt4NhriKrVs7QJ23OlEiL8/dUA8f/vek6IoZRiVOD+Vkd8ZnzBpOtXoZ5tTMIdNKr+jLFL9c4bVBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QM9C3OzQpF9gtQCz381fqkwPSagQHvSbSrCQcETnqfY=; b=kXpet6DY8R4LohmeHrhC2Hx7lJX8F+i9G5pEILY5dUDd+fdvKDtWfpIvTlBVjqsySx8ZimYtD8R5SN2cd4bp3v/tvDFOdfMT/Hc07H1url5H9C7YeqrLPfHdW8QR6QuXuANLlxTBqU43W/+StFYzQa9e13NraCzNzJpfcs3FtJx6WMB7AF+dk01E1yFXuZukk1QL6xvM8szCnw1S+Ypd4F0iD34frAUQXLO0FHU/KY+9DuzZoNEq5grX/ddWIx5Ohzye3Ry2D6pEjZ687A+dIbzWBRlHQx+IYmJhWkU++2BPm11lcyRRXzIFI5fLQPwbppBb0lVcamnlu0n7S0WPAw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QM9C3OzQpF9gtQCz381fqkwPSagQHvSbSrCQcETnqfY=; b=zwjtKtqC43wFi3g7dZKrHRKzwuRLZaVaLu2IaG89ZflTo8KecdRieDsISorzw6+JkziAwprsilBqJUJdR4Hr4uMjK7OCzoIu72V30yjvmBmV9G2SdREe2CwtEeO+WLesxb30pDioekMB9y5DO1dndh8Zk9jgBgGAqPdiQ/4estI=
Received: from BYAPR11MB2757.namprd11.prod.outlook.com (2603:10b6:a02:cb::16) by SA1PR11MB6806.namprd11.prod.outlook.com (2603:10b6:806:24d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.23; Wed, 5 Oct 2022 11:54:38 +0000
Received: from BYAPR11MB2757.namprd11.prod.outlook.com ([fe80::138f:535:2fee:84b4]) by BYAPR11MB2757.namprd11.prod.outlook.com ([fe80::138f:535:2fee:84b4%7]) with mapi id 15.20.5676.034; Wed, 5 Oct 2022 11:54:37 +0000
From: "Acee Lindem (acee)" <acee@cisco.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>, 'John Scudder' <jgs@juniper.net>
CC: 'Lars Eggert' <lars@eggert.org>, 'The IESG' <iesg@ietf.org>, "draft-ietf-lsr-pce-discovery-security-support@ietf.org" <draft-ietf-lsr-pce-discovery-security-support@ietf.org>, "lsr-chairs@ietf.org" <lsr-chairs@ietf.org>, 'lsr' <lsr@ietf.org>, "pce@ietf.org" <pce@ietf.org>, 'Hannes Gredler' <hannes@gredler.at>, "JP Vasseur (jvasseur)" <jvasseur@cisco.com>, "meral.shirazipour@polymtl.ca" <meral.shirazipour@polymtl.ca>
Thread-Topic: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery-security-support-11: (with DISCUSS and COMMENT)
Thread-Index: AQHY1Mf+IrMisCCzyUys/qIYKYLaD63+hBAA///DggCAAEm0gIAAEvSAgAABzwCAAAN8AIAA0Y2A///6ygA=
Date: Wed, 05 Oct 2022 11:54:37 +0000
Message-ID: <00DE2370-BEDF-4BAB-9514-9035920CDB91@cisco.com>
References: <166454083729.58860.322901814330533722@ietfa.amsl.com> <FE562068-8588-4998-965F-84B931CC3224@juniper.net> <5967FEDA-7517-45CF-89E7-C3B900CEEBB0@cisco.com> <7900217A-26D1-482D-B627-ED5FA96E13A5@juniper.net> <BY5PR11MB4337B4495047B64BFA90F733C15A9@BY5PR11MB4337.namprd11.prod.outlook.com> <59FE16A0-EBCA-4FED-8332-1231802894B8@juniper.net> <BY5PR11MB4337F631CA0E344CA0681009C15A9@BY5PR11MB4337.namprd11.prod.outlook.com> <00f601d8d892$5309b6c0$f91d2440$@olddog.co.uk>
In-Reply-To: <00f601d8d892$5309b6c0$f91d2440$@olddog.co.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.65.22091101
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BYAPR11MB2757:EE_|SA1PR11MB6806:EE_
x-ms-office365-filtering-correlation-id: efb9f936-61d5-4dc6-e5f0-08daa6c86104
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: u024rMoc4oYewEp4du5PSx8jW39DC7/5XcdEpbYmTAc7rz+GjiLWqc1pOfa4mZHAw05pLsjFAekaVYQSzWyeb42aMcFZ2DQDOY78kY0FFjIjm2OC+Q19dfg/dokUCISGL02sTCqs4ju7f/DCyio0DM/50cuPF2a1e/TPeqX0ixIPCsoAfXUvnZ0WZa6j+ZEsJhL6zzig7gJNS+eT3orkNdhOm3dM1Jdn98o/XiHHACaKDUKoUL9kv8fvb6tC3jfpENx7xuJw/LydmILg4v9noTwdJBSdTWhGoO81Wsa/hdOusTjMDlWqsy1b3ykgW2S20IEoDnsB0dRGS1Qz3G/M7BUVIIiQRka1udAXJL3QRGdCi1a5XCDYmZf3eyubIceWKnO8+5ACzcpm/GzYF0jT/FHTCgDwvT1l7sc/zFkhmPtCMHgRs1d9SYmLhsRNvPzODQXkwn6kQQZedRjN7HqtHkM4rdR3Im4GHYPKvc20GAZNE9elESHG7SMw7igTrNzQlJQqTePEKAjzOxFi8lyuPXUubrWcKdJn1a/KvWOSGc/QvzyEI+81WlxsrmyLcxl9W0WGBDs/5fm6UaGX4SVqMyHfQPZUQLqujjvzpomEyJoahFIeGrfbLEB/bGf+HYDIrWZ+yE3nxFiR/4lTKRD6CQ11muPysOa94IgPrTHWG/ZoYhGPRfIf3cgzqi2ffFWeibIZfcyat/OSzyOcYw0+qn/IBOfR1fap1aDYJvk6GlkR9XOVC/K1crxoFf8Izw2Xz31qaxYy07HcAZx9mLwH5iTHb3hM+u9aB7dKeQ7HbKOw8n9/kiF482QPOGpizAZtrDSNohVhCxYqO/qNeuvznm/QD/LGEN0ABcXngEwGtA4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB2757.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(136003)(39860400002)(366004)(376002)(396003)(346002)(451199015)(41300700001)(38070700005)(26005)(6512007)(76116006)(66946007)(66476007)(4326008)(8676002)(66446008)(91956017)(64756008)(478600001)(71200400001)(83380400001)(186003)(33656002)(86362001)(66574015)(966005)(66556008)(54906003)(110136005)(316002)(38100700002)(36756003)(122000001)(2616005)(6486002)(66899015)(7416002)(30864003)(2906002)(5660300002)(8936002)(15650500001)(6506007)(53546011)(45980500001)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: RSwdnMZtIoaTyLEmKKzD/FfL1sQiNyifpROo7Y4n5gmzWhH9E18m9y1nA821yciMQHpHgPlQFVtiIIORXfrTbUebNSfeBun2O34YwtXEmK7KPTKxEDHHrvrGArOGttMjMY0vwglOKglTOMuyGE5Fp8Huy8YTeIgxH9qeULjYE2U0FosFogGOiGDrJgY0Nz+EaxpjaFJPIq+RQ5t/kZGMJNiAOEW5oIb7fBiS+IiHHXOyEpuPyxx8t64Ywa2z5tAfxf/MeuvDhmFg26gCrte37RtRe+dxgdLdJtFDJfRDqNDsk7d6fUUe59hIQJXAFYxWtZAisrWGmst6Sp+1o3iZkZtfdJZGNJUQ9dTL6nu5F0lOfy5Z7XXHLDzIbqZTjYwjjpmRCwWsmGYLBHADo3fgNjjDMv1S0IPkN1As+h95jcLoHHhPRV1I7WgPvFjrx9TIvcoduavqVKOGGB4rcr1A2md5YzxJuX5SJ5egqMpEiHdkUTsPQ9J+7TNZKOZbT/6TPlTy8Og8tj20hA/KQTHpVhJ6vOgKPIYDkBxNdqjRvvPu6a2ACdK06+ev7LwaitiRONj1A0Kfq3i+5MW5bLnouQh7jcOjCYaituQSLgTNUycSQynk4wKPbGaKfal0vovebYue261eMsK+S+BBOqotpAnxIMuKBOChNLiB2WwIUOhPRz6GN2qQ7pgUd1L/i+Avnjtzajrk0M9b1cEzWv12JZJe/oQEtWycVDNWsHbz4qUhCii8molm8LA29AZP1AHmqRI6yQ5PxIoDzFHyrQBMX8ulswVC/JcijrQywquK+bpkKUI+udfaXImTZ3mRxjUhK56lq8XnL4VgNlNv4iQWmXZh6KtC0lgQtovJ0FV2aBiJ7gmzKoWB25RvfFUTTj15yDXvBEscgXAz7xH2PznwFC9rPUOcJ97d3ikLW3wspssxNF1RUYP/Cd+6QcQfrUlY67eaUdd0YriwHr0X8hDU4BGGupr2NPWHA5HsJJ3SdkGlqHXcPTLT/Cjiqu/2fN9CFQ6eU0X14RlfqpwW2CTGjVlkZxl7r81XL4LKV5LQyxgCpbntJMEirsJf+m/nFTyIvEjO7f9uAPjaMpluE5yZoBcM7BEa2ffoTAtdX6ws0eN4FvPoCrM2NBVDBvBOriWkVI5VxrWnZ7lTXduTMmUVIr2whUVRrF1ogsHWU0UOQ4LJgNtdtd71tNFCBuIbXLO7SQAKUbqWavK+ZNN5uWOzkpfkQpjrRvnwxL0Ju1XbCqYWwwABWzN7jJSf0EQylDg2DXjvh/pJXBv/BuwKNlwsuOwqzID30KqmUGvIDPpeI6+xPptinVZKoDTHJdoY/ncDsl+bsFtUt4+RXmeEyzSQCTbBWoI4T7GFOjj3nceS4g3Tg9DCkIe3oAqYvVH7IJjwP2Z1uLY6WCNCU/J0dZKpWNlu/qqMc9HGjn+AcjbeN+e9a/VL12ONJgKWFlcQ/OjHjotURjFajb3L9HyCA8MIXkr/3ONrIb31CTmD+1O7BSuFBYQlCTi5nTCb/zwgwFUxOG+RFFeQrTKxFnxxBBUelud3ipRFTdOSVrb8OFkxhePXirhKxqgM2M4Zl5e/ENGU
Content-Type: text/plain; charset="utf-8"
Content-ID: <D7451352D4E2054A82EA8FEB9764F80D@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2757.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: efb9f936-61d5-4dc6-e5f0-08daa6c86104
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Oct 2022 11:54:37.7258 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: qTw+p7Xwvd7XcVVUkzqvpbxcpQRTNZaVrj3F+Q7Foa7mVp2EyiFZYMMklH1WNyxm
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB6806
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.227.253, xfe-rcd-005.cisco.com
X-Outbound-Node: rcdn-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/Ig2AGV3Y7M7zJiRvebw0HexIraU>
Subject: Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery-security-support-11: (with DISCUSS and COMMENT)
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2022 11:54:49 -0000
That would be good for me as well. Given the discussion that is going on regarding YANG string lengths in NETMOD, it might also be good to limit the key-chain name to 255 characters as we did for the dynamic hostname in RFC 5301 and RFC 5642. Thanks, Acee On 10/5/22, 4:13 AM, "Adrian Farrel" <adrian@olddog.co.uk> wrote: Yeah, I like that suggestion. A -----Original Message----- From: Les Ginsberg (ginsberg) <ginsberg@cisco.com> Sent: 04 October 2022 20:43 To: John Scudder <jgs@juniper.net> Cc: Acee Lindem (acee) <acee@cisco.com>; Lars Eggert <lars@eggert.org>; The IESG <iesg@ietf.org>; draft-ietf-lsr-pce-discovery-security-support@ietf.org; lsr-chairs@ietf.org; lsr <lsr@ietf.org>; pce@ietf.org; Hannes Gredler <hannes@gredler.at>; JP Vasseur (jvasseur) <jvasseur@cisco.com>; meral.shirazipour@polymtl.ca; Adrian Farrel <adrian@olddog.co.uk> Subject: RE: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery-security-support-11: (with DISCUSS and COMMENT) John - So you are suggesting that Section 4 of the draft be modified to say: "This introduction of additional sub-TLVs should be viewed as an exception to the [RFC5088][RFC5089] policy, justified by the requirement to discover the PCEP security support prior to establishing a PCEP session. The restrictions defined in [RFC5089][RFC5089] should still be considered to be in place. If in the future new advertisements are required, alternative mechanisms such as using [RFC6823] or https://datatracker.ietf.org/doc/draft-ietf-lsr-ospf-transport-instance/ should be considered." (or similar...) I am fine with that. Les > -----Original Message----- > From: John Scudder <jgs@juniper.net> > Sent: Tuesday, October 4, 2022 12:31 PM > To: Les Ginsberg (ginsberg) <ginsberg@cisco.com> > Cc: Acee Lindem (acee) <acee@cisco.com>; Lars Eggert <lars@eggert.org>; > The IESG <iesg@ietf.org>; draft-ietf-lsr-pce-discovery-security- > support@ietf.org; lsr-chairs@ietf.org; lsr <lsr@ietf.org>; pce@ietf.org; > Hannes Gredler <hannes@gredler.at>; JP Vasseur (jvasseur) > <jvasseur@cisco.com>; meral.shirazipour@polymtl.ca; Adrian Farrel > <adrian@olddog.co.uk> > Subject: Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery- > security-support-11: (with DISCUSS and COMMENT) > > Hi Les, > > Thanks, that’s helpful. One comment, regarding > > > Hard for me to justify modifying RFC 5088/5089 simply to add a pointer to > GENINFO/OSPF-GT even if such an addition might be relevant. > > what I was actually suggesting was that the paragraph in draft-ietf-lsr-pce- > discovery-security-support could be updated to add the pointer. Since draft- > ietf-lsr-pce-discovery-security-support formally updates RFCs 5088/5089, > that would establish at least some mechanism less unreliable than trolling > through old mailing lists, to help a new implementor find this old history, > while still not requiring us to do the heavy lift of bis’ing 5088/5089 (which I > agree would be crazy to do just for this). > > —John > > > On Oct 4, 2022, at 3:24 PM, Les Ginsberg (ginsberg) <ginsberg@cisco.com> > wrote: > > > > John - > > > > Thanx for finding the old email thread. > > Folks also might want to look at this thread: > https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/lsr/Nhe > zQqKwIvHK_9dDUmW0iuhyjDA/__;!!NEt6yMaO-gk!BsexV0igrfCC6797R- > 5WEj654ycPt6DwvDJJ9cKMToAWSjm6GzCfKem3ylr0c4DezgdzY3N-mB2epg$ > > > > In summary, I raised these points when the draft was adopted - but > eventually agreed to allow the draft to go forward. > > > > The intent of the restrictions in RFC5088/5089 is to discourage carrying > additional "non-routing" information in the IGPs. > > The practical matter in this case is that trying to advertise the additional > information using some other mechanism is quite costly and awkward. The > fact that the additional information are sub-sub-TLVs of the PCED sub-TLV > speaks to the coupling of the new information with the existing information. > > > > I think we want to keep restrictions in place so as to discourage new > advertisements, but recognize that we compromise when it seems practical. > This isn’t ideal - and I understand why Lars would want to discuss this - but I > don't have a cleaner solution. > > The fact that we introduced PCE advertisements into the IGPs in the first > place makes it difficult to adhere to the restrictions for PCE related > advertisements. > > > > Section 4 of the draft states: > > > > "This introduction of additional sub-TLVs should be viewed as an exception > to the [RFC5088][RFC5089] policy, justified by the requirement to discover > the PCEP security support prior to establishing a PCEP session. The > restrictions defined in [RFC5089][RFC5089] should still be considered to be in > place." > > > > which is an accurate summary. > > > > Hard for me to justify modifying RFC 5088/5089 simply to add a pointer to > GENINFO/OSPF-GT even if such an addition might be relevant. > > > > Les > > > >> -----Original Message----- > >> From: John Scudder <jgs@juniper.net> > >> Sent: Tuesday, October 4, 2022 11:16 AM > >> To: Acee Lindem (acee) <acee@cisco.com> > >> Cc: Lars Eggert <lars@eggert.org>; The IESG <iesg@ietf.org>; draft-ietf- > lsr- > >> pce-discovery-security-support@ietf.org; lsr-chairs@ietf.org; lsr > >> <lsr@ietf.org>; pce@ietf.org; Hannes Gredler <hannes@gredler.at>; Les > >> Ginsberg (ginsberg) <ginsberg@cisco.com>; JP Vasseur (jvasseur) > >> <jvasseur@cisco.com>; meral.shirazipour@polymtl.ca; Adrian Farrel > >> <adrian@olddog.co.uk> > >> Subject: Re: [Lsr] Lars Eggert's Discuss on draft-ietf-lsr-pce-discovery- > >> security-support-11: (with DISCUSS and COMMENT) > >> > >> Hi Acee, > >> > >> Thanks. I have a few followups (addressed to the WG at large, not just > you). > >> > >> First, your point relates to OSPF. In the mail thread I cited, Les is talking > about > >> IS-IS. Are the concerns there similar? > >> > >> Second, you say "For non-routing information or advertising more > >> information without impacting unicast routing, I'd recommend OSPF-GT”. > >> That seems similar to Les’s advice (in > >> https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/isis- > wg/-__;!!NEt6yMaO-gk!BsexV0igrfCC6797R- > 5WEj654ycPt6DwvDJJ9cKMToAWSjm6GzCfKem3ylr0c4DezgdzY3NUtSlhyQ$ > >> YjCC5vzHkBY4aVWLJGP2w5OJHM/) to use IS-IS GENINFO (RFC 6823). I can > >> see that extending the PCED (sub-)TLV was the most obvious and > expedient > >> thing to do, but was it the right thing? I’m thinking about your advice and > >> Les’s, to use the generalized/generic transport options instead — was > that > >> option considered/discussed, or had everyone forgotten about the > “please > >> use GENINFO” suggestion by the time work on this draft began (after all, > >> more than ten years after the base document was developed)? (I don’t > see > >> evidence in a review of the mailing list archives that this was ever > considered, > >> but I might have missed something.) > >> > >> Third, if indeed the restriction in question is no longer relevant, is this > >> paragraph in the new spec really needed or even appropriate? > >> > >> This introduction of additional sub-TLVs should be viewed as an > >> exception to the [RFC5088][RFC5089] policy, justified by the > >> requirement to discover the PCEP security support prior to > >> establishing a PCEP session. The restrictions defined in > >> [RFC5089][RFC5089] should still be considered to be in place. > >> > >> Maybe it should just get rid of the restriction completely! On the other > hand, > >> if it *is* appropriate to leave that paragraph in, maybe it should be a little > >> more helpful, by mentioning IS-IS GENINFO and OSPF-GT as being the > >> preferred options for any future work, so that next time we are less likely > to > >> have the same oversight? > >> > >> Thanks, > >> > >> —John > >> > >>> On Oct 4, 2022, at 1:52 PM, Acee Lindem (acee) <acee@cisco.com> > wrote: > >>> > >>> Speaking as long-time LSR/OSPF WG Member and Co-author of RFC 4970 > >> and RFC 7770: > >>> > >>> When RFC 5088 was being standardized, there was concern over both > >> advertising non-routing information in OSPF and exceeding the maximum > >> size of an OSPF Router Information LSA which was limited to a single LSA > >> instance per OSPF router (RFC 4970). The controversial statement below > was > >> added to assuage these concerns. With the publication of RFC 7770, an > OSPF > >> router can advertise multiple Router Instance LSAs with different instance > >> IDs. At the same time, we have evolved to using Router Instance LSAs for > >> limited capability information associated with routing applications (e.g., > PCE). > >> For non-routing information or advertising more information without > >> impacting unicast routing, I'd recommend OSPF-GT > >> (https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft- > ietf- > >> lsr-ospf-transport-instance/__;!!NEt6yMaO- > >> > gk!F84pVCWbzGhoRsiBwEaOLHv7h4wykjYtXlrBXBrhnhZHtCGHtry0Z17ASBG2 > >> PUMF_yYzechg$ ). > >>> > >>> Thanks, > >>> Acee > >>> > >>> On 10/4/22, 1:29 PM, "John Scudder" <jgs@juniper.net> wrote: > >>> > >>> Hi Everyone, > >>> > >>> +Adrian since he appears to have been the shepherd for RFC 5088, > which > >> is the root of Lars’ DISCUSS. > >>> +Hannes, Les, JP, Meral as people who may have more context on the > >> question > >>> > >>> Since I haven’t seen any replies to this DISCUSS yet I did a little digging. > >> The text in question: > >>> > >>> No additional sub-TLVs will be added to the PCED TLV in the future. > >>> If a future application requires the advertisement of additional PCE > >>> information in OSPF, this will not be carried in the Router > >>> Information LSA. > >>> > >>> Was introduced in draft-ietf-pce-disco-proto-ospf-07, September 2007. > >> Checking in the archives, I see one relevant mail thread: > >> > https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/pce/UE > >> Rk8vF5e7cFQoblkDAVA74Ojh0/__;!!NEt6yMaO- > >> > gk!F84pVCWbzGhoRsiBwEaOLHv7h4wykjYtXlrBXBrhnhZHtCGHtry0Z17ASBG2 > >> PUMF_994CNrH$ is the beginning, but then it seems to have been > indexed > >> wrong so you should continue from here: > >> https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/isis- > >> wg/BpUVKsjr46ha9kbF3jwgKyymEBo/__;!!NEt6yMaO- > >> > gk!F84pVCWbzGhoRsiBwEaOLHv7h4wykjYtXlrBXBrhnhZHtCGHtry0Z17ASBG2 > >> PUMF_4C7YoXF$ to pick up Les’s reply as well. There are four relevant > >> messages in total, from Meral Shirazipour, JP Vasseur, Hannes Gredler, > and > >> Les Ginsberg. > >>> > >>> Rather than try to summarize I’m going to ask people to go look at the > >> short mail thread for themselves. Perhaps this will jog people’s memories > >> enough to allow a discussion on why we’re opening a registry for new > code > >> points that was explicitly defined as being closed. > >>> > >>> Thanks, > >>> > >>> —John > >>> > >>>> On Sep 30, 2022, at 8:27 AM, Lars Eggert via Datatracker > >> <noreply@ietf.org> wrote: > >>>> > >>>> > >>>> Lars Eggert has entered the following ballot position for > >>>> draft-ietf-lsr-pce-discovery-security-support-11: Discuss > >>>> > >>>> When responding, please keep the subject line intact and reply to all > >>>> email addresses included in the To and CC lines. (Feel free to cut this > >>>> introductory paragraph, however.) > >>>> > >>>> > >>>> Please refer to > >> > https://urldefense.com/v3/__https://www.ietf.org/about/groups/iesg/stat > >> ements/handling-ballot-positions/__;!!NEt6yMaO- > >> gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt8J-BPa3$ > >>>> for more information about how to handle DISCUSS and COMMENT > >> positions. > >>>> > >>>> > >>>> The document, along with other ballot positions, can be found here: > >>>> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft- > ietf- > >> lsr-pce-discovery-security-support/__;!!NEt6yMaO- > >> gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt2I779yk$ > >>>> > >>>> > >>>> > >>>> ---------------------------------------------------------------------- > >>>> DISCUSS: > >>>> ---------------------------------------------------------------------- > >>>> > >>>> # GEN AD review of draft-ietf-lsr-pce-discovery-security-support-11 > >>>> > >>>> CC @larseggert > >>>> > >>>> ## Discuss > >>>> > >>>> ### Section 4, paragraph 3 > >>>> ``` > >>>> Section 4 of [RFC5088] states that no new sub-TLVs will be added to > >>>> the PCED TLV, and no new PCE information will be carried in the > >>>> Router Information LSA. This document updates [RFC5088] by > allowing > >>>> the two sub-TLVs defined in this document to be carried in the PCED > >>>> TLV advertised in the Router Information LSA. > >>>> > >>>> Section 4 of [RFC5089] states that no new sub-TLVs will be added to > >>>> the PCED TLV, and no new PCE information will be carried in the > >>>> Router CAPABLITY TLV. This document updates [RFC5089] by allowing > >>>> the two sub-TLVs defined in this document to be carried in the PCED > >>>> TLV advertised in the Router CAPABILITY TLV. > >>>> > >>>> This introduction of additional sub-TLVs should be viewed as an > >>>> exception to the [RFC5088][RFC5089] policy, justified by the > >>>> requirement to discover the PCEP security support prior to > >>>> establishing a PCEP session. The restrictions defined in > >>>> [RFC5089][RFC5089] should still be considered to be in place. > >>>> ``` > >>>> (This is mostly for discussion on the telechat, and I expect to clear > >>>> during the call.) > >>>> > >>>> Why were 5088/89 so strict on not allowing new sub-TLVs? This seems > >>>> quite unusual for IETF specs. I'm not arguing that this document > >>>> can't update those earlier RFCs to allow these new sub-TLVs, but it > >>>> seems odd to do so and in the same sentence say "the restrictions > >>>> should still be considered in place." > >>>> > >>>> ### Section 8.2, paragraph 1 > >>>> ``` > >>>> The PCED sub-TLVs were defined in [RFC5088] and [RFC5089], but they > >>>> did not create a registry for it. This document requests IANA to > >>>> create a new registry called "PCED sub-TLV type indicators" under the > >>>> "Interior Gateway Protocol (IGP) Parameters" grouping. The > >>>> registration policy for this registry is "IETF Review" [RFC8126]. > >>>> Values in this registry come from the range 0-65535. > >>>> ``` > >>>> Should the registration policy not be stricter (e.g., Standards > >>>> Action?) given that 5088/89 didn't even allow any new values? > >>>> > >>>> > >>>> ---------------------------------------------------------------------- > >>>> COMMENT: > >>>> ---------------------------------------------------------------------- > >>>> > >>>> ## Comments > >>>> > >>>> ### Inclusive language > >>>> > >>>> Found terminology that should be reviewed for inclusivity; see > >>>> https://urldefense.com/v3/__https://www.rfc- > >> editor.org/part2/*inclusive_language__;Iw!!NEt6yMaO- > >> gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt1fwrlFS$ for > >> background and more > >>>> guidance: > >>>> > >>>> * Term `master`; alternatives might be `active`, `central`, `initiator`, > >>>> `leader`, `main`, `orchestrator`, `parent`, `primary`, `server` > >>>> * Term `man`; alternatives might be `individual`, `people`, `person` > >>>> > >>>> ## Nits > >>>> > >>>> All comments below are about very minor potential issues that you > may > >> choose to > >>>> address in some way - or ignore - as you see fit. Some were flagged by > >>>> automated tools (via > >> https://urldefense.com/v3/__https://github.com/larseggert/ietf- > >> reviewtool__;!!NEt6yMaO-gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjtxqHvOEf$ ), so there > >>>> will likely be some false positives. There is no need to let me know > what > >> you > >>>> did with these suggestions. > >>>> > >>>> ### URLs > >>>> > >>>> These URLs in the document can probably be converted to HTTPS: > >>>> > >>>> * > >> > https://urldefense.com/v3/__http://www.unicode.org/unicode/reports/tr3 > >> 6/__;!!NEt6yMaO-gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt9o1UwDk$ > >>>> > >>>> ### Grammar/style > >>>> > >>>> #### "Abstract", paragraph 1 > >>>> ``` > >>>> for OSPF and IS-IS respectively. However these specifications lack a > >> method > >>>> ^^^^^^^ > >>>> ``` > >>>> A comma may be missing after the conjunctive/linking adverb > "However". > >>>> (Also elsewhere.) > >>>> > >>>> #### Section 1, paragraph 5 > >>>> ``` > >>>> ry" instead of the "IGP registry" where as [RFC8623] and [RFC9168] > uses > >> the > >>>> ^^^^^^^^ > >>>> ``` > >>>> Did you mean "whereas"? > >>>> > >>>> #### Section 3.2.2, paragraph 3 > >>>> ``` > >>>> string to be used to identify the key chain. It MUST be encoded using > UTF- > >> 8. > >>>> ^^^^^^^^^ > >>>> ``` > >>>> This word is normally spelled as one. (Also elsewhere.) > >>>> > >>>> #### Section 5, paragraph 4 > >>>> ``` > >>>> enable a man-in-the-middle attack. Thus before advertising the PCEP > >> security > >>>> ^^^^ > >>>> ``` > >>>> A comma may be missing after the conjunctive/linking adverb "Thus". > >>>> > >>>> ## Notes > >>>> > >>>> This review is in the ["IETF Comments" Markdown format][ICMF], You > can > >> use the > >>>> [`ietf-comments` tool][ICT] to automatically convert this review into > >>>> individual GitHub issues. Review generated by the [`ietf- > reviewtool`][IRT]. > >>>> > >>>> [ICMF]: https://urldefense.com/v3/__https://github.com/mnot/ietf- > >> comments/blob/main/format.md__;!!NEt6yMaO- > >> gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjt8uPawyE$ > >>>> [ICT]: https://urldefense.com/v3/__https://github.com/mnot/ietf- > >> comments__;!!NEt6yMaO-gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjtxU9hxDt$ > >>>> [IRT]: > https://urldefense.com/v3/__https://github.com/larseggert/ietf- > >> reviewtool__;!!NEt6yMaO-gk!BEvEYiZR6x7lTVrU9AA55g6M1- > >> 32P6xLCiZ537k4RWeOwmTjkSrRmf0k6fDyFPdPOpbjtxqHvOEf$ > >>>> > >>> > >>> > >
- [Pce] Lars Eggert's Discuss on draft-ietf-lsr-pce… Lars Eggert via Datatracker
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… John Scudder
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Acee Lindem (acee)
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… John Scudder
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Les Ginsberg (ginsberg)
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… John Scudder
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Les Ginsberg (ginsberg)
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Adrian Farrel
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Adrian Farrel
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Acee Lindem (acee)
- Re: [Pce] Lars Eggert's Discuss on draft-ietf-lsr… Dhruv Dhody
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Acee Lindem (acee)
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… John Scudder
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Dhruv Dhody
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… John Scudder
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… John Scudder
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Dhruv Dhody
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… John Scudder
- Re: [Pce] [Lsr] Lars Eggert's Discuss on draft-ie… Lars Eggert