[Pce] Eric Rescorla's No Objection on draft-ietf-pce-pceps-17: (with COMMENT)
Eric Rescorla <ekr@rtfm.com> Tue, 05 September 2017 03:12 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: pce@ietf.org
Delivered-To: pce@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3140B13218E; Mon, 4 Sep 2017 20:12:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Eric Rescorla <ekr@rtfm.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-pce-pceps@ietf.org, Cyril Margaria <cmargaria@juniper.net>, pce-chairs@ietf.org, cmargaria@juniper.net, pce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.59.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <150458113919.28560.11919292423873157447.idtracker@ietfa.amsl.com>
Date: Mon, 04 Sep 2017 20:12:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/IiNvP7Pb5XlV7Q5Ci2PkgzzZXCQ>
Subject: [Pce] Eric Rescorla's No Objection on draft-ietf-pce-pceps-17: (with COMMENT)
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Sep 2017 03:12:19 -0000
Eric Rescorla has entered the following ballot position for draft-ietf-pce-pceps-17: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-pce-pceps/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- This document needs a significant editorial pass. I found a number of writing errors, e.g., "Securing via TLS of an existing PCEP session is not permitted," S 1. defining their application in depth. Moreover, [RFC6952] remarks the importance of ensuring PCEP communication privacy, especially when The term here is "confidentiality" S 3.2. The whole description of how you can race StartTLS iff you know you are TLS only is really hard to understand until you get to the diagrams. I would write something like: The PCC initiates the use of TLS by sending a StartTLS message The PCE agrees to the use of TLS by responding with its own StartTLS message. If the PCE is configured to only do TLS, it may send the StartTLS message immediately upon TCP connection establishment; otherwise it MUST wait for the PCC's first message to see whether it is an Open or StartTLS message. S 3.4. + Implementations SHOULD indicate their trusted CAs. For TLS 1.2, this is done using [RFC5246], Section 7.4.4, "certificate_authorities" (server side) and [RFC6066], Section 6 "Trusted CA Indication" (client side). Do common stacks do this? I know NSS does not. To support TLS re-negotiation both peers MUST support the mechanism described in [RFC5746]. Any attempt to initiate a TLS handshake to establish new cryptographic parameters not aligned with [RFC5746] SHALL be considered a TLS negotiation failure. Is there a reason to allow renegotiation at all? S 3.5 [I-D.ietf-pce-stateful-sync-optimizations] specify a Speaker Entity Identifier TLV (SPEAKER-ENTITY-ID), as an optional TLV that MAY be included in the OPEN Object. It contains a unique identifier for the node that does not change during the lifetime of the PCEP speaker. An implementation would thus expose the speaker entity identifier as part of the X509v3 certificate, so that an implementation could use this identifier for the peer identification trust model. This seems underspecified. Is there an OID assigned? S 4.1. DANE [RFC6698] defines a secure method to associate the certificate that is obtained from a TLS server with a domain name using DNS, i.e., using the TLSA DNS resource record (RR) to associate a TLS server certificate or public key with the domain name where the record is found, thus forming a "TLSA certificate association". The DNS information needs to be protected by DNS Security (DNSSEC). A PCC willing to apply DANE to verify server identity MUST conform to the rules defined in section 4 of [RFC6698]. The server's domain name must be authorized separately, as TLSA does not provide any useful authorization guarantees. This is also underspecified. Which DANE types are you suggesting you use? S 7. Some TLS ciphersuites only provide integrity validation of their payload, and provide no encryption. This specification does not forbid the use of such ciphersuites, but administrators must weight carefully the risk of relevant internal data leakage that can occur in such a case, as explicitly stated by [RFC6952]. Why don't you forbid it?
- [Pce] Eric Rescorla's No Objection on draft-ietf-… Eric Rescorla