Re: [Pce] Mirja Kühlewind's No Objection on draft-ietf-pce-inter-layer-ext-12: (with COMMENT)
"Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net> Tue, 14 March 2017 17:25 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29B581329E1 for <pce@ietfa.amsl.com>; Tue, 14 Mar 2017 10:25:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8rEXkhaFKLgO for <pce@ietfa.amsl.com>; Tue, 14 Mar 2017 10:25:12 -0700 (PDT)
Received: from kuehlewind.net (kuehlewind.net [83.169.45.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA6BC1329DE for <pce@ietf.org>; Tue, 14 Mar 2017 10:25:11 -0700 (PDT)
Received: (qmail 19676 invoked from network); 14 Mar 2017 18:18:29 +0100
Received: from p5dec2824.dip0.t-ipconnect.de (HELO ?192.168.178.33?) (93.236.40.36) by kuehlewind.net with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 14 Mar 2017 18:18:29 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
In-Reply-To: <050801d29ce5$ab5c4340$0214c9c0$@olddog.co.uk>
Date: Tue, 14 Mar 2017 18:18:28 +0100
Cc: The IESG <iesg@ietf.org>, pce@ietf.org, draft-ietf-pce-inter-layer-ext@ietf.org, pce-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <B24A6CFA-82B7-4258-927D-D0A530AF7E47@kuehlewind.net>
References: <148949292925.12701.6850378178949921553.idtracker@ietfa.amsl.com> <050801d29ce5$ab5c4340$0214c9c0$@olddog.co.uk>
To: adrian@olddog.co.uk
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/MY4tdZVTUa_ESDd2_lh8dvwIsWw>
Subject: Re: [Pce] Mirja Kühlewind's No Objection on draft-ietf-pce-inter-layer-ext-12: (with COMMENT)
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2017 17:25:13 -0000
Hi Adrian, comments below. > Am 14.03.2017 um 18:08 schrieb Adrian Farrel <adrian@olddog.co.uk>: > > Hej Mirja, > Thanks for the review. > >> Minor comments: >> 1) I guess the I flag in the INTER-LAYER Object is actually not needed as >> the present of the INTER-LAYER Object already indicates that inter-layer >> information is requested, but that is not an issue. > > I think that this is true in a PCReq, but it may be helpful for an implementation to always include the object but toggle the flag. > But in a PCRep the difference (while semantically the same) can have different inference. Thus... > If a PCReq has the object with I=1 and the PCRep has the object with I=0 we know that the responder considered providing an interlayer path, but did not. If, instead, the object is absent from the PCRep we can't be sure how seriously the responder considered the request (although the result is still a mono-layer path). Okay. > >> 2) Is the INTER-LAYER Object Flags registry really needed, given the >> limited amount of flag space??? > > I think so, yes. > The registry is to stop collisions. > I don't see how the size of the range makes much (any) difference. > If you don't have a registry, anyone can grab any bit and there is a requirement that everyone reads every draft to avoid collisions. Given the flag field in this document is specified as reserved, any new doc that specifies a new flag must update this document. Hopefully the process works well enough to not cause collisions (I’m confident of that). The size matters, as I would expect that the number of documents that update this part is rather limited and therefore this is a viable and scalable approach. However, if you’d decide to keep the registry, you should not specify the remaining flag part as reserved (otherwise you still have to update this document even if you have a registry). I would still recommend not to use a registry. > >> 3) Security Consideration: "Inter-layer traffic engineering with PCE may >> raise new security >> issues when PCE-PCE communication is done between different layer >> networks for inter-layer path computation." >> This text is not very helpful as this section is meant to be used to >> document these new issues. > > I'm trying to avoid saying "this should be obvious to one skilled in the art" since that always annoys me when the US patent office says it to me. > > We could fill this out as... > > OLD > Inter-layer traffic engineering with PCE may raise new security > issues when PCE-PCE communication is done between different layer > networks for inter-layer path computation. Security issues may also > exist when a single PCE is granted full visibility of TE information > that applies to multiple layers. > > Path-Key-based mechanism defined in [RFC5520] MAY be applied to > address the topology confidentiality between different layers. > NEW > Inter-layer traffic engineering with PCE may raise new security > issues when PCE-PCE communication is done between different layer > networks for inter-layer path computation because information about > the networks at different layers will necessarily be exposed in > computation results. Furthermore, a PCE in one layer might use > computation requests to "probe" for information about the network > in the other layer. > > Security issues may also exist when a single PCE is granted full > visibility of TE information that applies to multiple layers. > > In both cases cited here, the security concerns are to do with > exposure of information about a network to parties outside that > network. These concerns relate to the privacy of the commercial > details of a network, but it should also be understood that > distributing information about networks extends the attack surface > for those networks. > > Path-Key-based mechanism defined in [RFC5520] MAY be applied to > address the topology confidentiality between different layers. > END Thanks! Much better! Mirja > > Thanks, > Adrian >
- [Pce] Mirja Kühlewind's No Objection on draft-iet… Mirja Kühlewind
- Re: [Pce] Mirja Kühlewind's No Objection on draft… Adrian Farrel
- Re: [Pce] Mirja Kühlewind's No Objection on draft… Mirja Kuehlewind (IETF)
- Re: [Pce] Mirja Kühlewind's No Objection on draft… Adrian Farrel