Re: [Pce] Warren Kumari's No Objection on draft-ietf-lsr-pce-discovery-security-support-11: (with COMMENT)

Dhruv Dhody <dhruv.ietf@gmail.com> Thu, 06 October 2022 13:05 UTC

To: Warren Kumari <warren@kumari.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-lsr-pce-discovery-security-support@ietf.org, lsr-chairs@ietf.org, lsr@ietf.org, Acee Lindem <acee@cisco.com>, pce@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/PubVG5bF3rH4cgnhnxwJxYRud5w>

Hi Warren,

Thanks for your review. Apologies for making you sad (we definitely
don't want that :)! How about this text instead of removing ->


6.  Management Considerations

   Manageability considerations for PCE Discovery are addressed in
   Section 4.10 of [RFC4674] and Section 9 of [RFC5088] [RFC5089].

6.1.  Control of Policy and Functions

   A PCE implementation SHOULD allow the following parameters to be
   configured on the PCE:

   *  support for TCP-AO

   *  the KeyID used by TCP-AO

   *  Key Chain Name

   *  support for TLS

6.2.  Information and Data Model

   The YANG model for PCEP [I-D.ietf-pce-pcep-yang] supports PCEP
   security parameters (key, key chain and TLS).

6.3.  Liveness Detection and Monitoring

   Normal operations of the IGP meet the requirements for liveness
   detection and monitoring.

6.4.  Verify Correct Operations

   The correlation of PCEP security information advertised against
   information received can be achieved by comparing the information in
   the PCED sub-TLV received by the PCC with that stored at the PCE
   using the PCEP YANG.

6.5.  Requirements on Other Protocols and Functional Components

   There are no new requirements on other protocols.

6.6.  Impact on Network Operations

   Frequent changes in PCEP security information advertised in the PCED
   sub-TLV may have a significant impact on IGP and might destabilize
   the operation of the network by causing the PCCs to reconnect
   sessions with PCE(s).  Section 4.10.4 of [RFC4674] and Section 9.6 of
   [RFC5088] [RFC5089] list techniques that are applicable to this
   document as well.

Thanks!
Dhruv


On Thu, Oct 6, 2022 at 3:42 AM Warren Kumari via Datatracker <noreply@ietf.org> wrote:

> Warren Kumari has entered the following ballot position for
> draft-ietf-lsr-pce-discovery-security-support-11: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
>
> https://datatracker.ietf.org/doc/draft-ietf-lsr-pce-discovery-security-support/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I started balloting DISCUSS on this, but, surprisingly, "You made Warren sad"
> isn't actually one of the DISCUSS criteria, and so I'm (grudgingly and with bad
> grace) balloting NoObj instead.
>
> ----
> 6.  Management Considerations
>
>    A configuration option may be provided for advertising and
>    withdrawing PCEP security capability via OSPF and IS-IS.
> ----
>
> This section seems more than pointless to me - it seems (admittedly very
> slightly!) harmful. It doesn't actually *say* anything useful, but the very act
> of it showing up in the index / table of contents gives the impression that
> there may be actually Management Considerations text somewhere below. This
> initially made me all excited, and set my heart a flutter -- only to be crushed
> when I actually read it.
>
> Please consider ripping the section out - AFAICT, it doesn't accomplish
> anything, other than leading to false hope...