Re: [Pce] Mirja Kühlewind's No Objection on draft-ietf-pce-inter-layer-ext-12: (with COMMENT)
"Adrian Farrel" <adrian@olddog.co.uk> Tue, 14 March 2017 17:09 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D26B513299F; Tue, 14 Mar 2017 10:09:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ei96vTzaK48V; Tue, 14 Mar 2017 10:08:59 -0700 (PDT)
Received: from asmtp3.iomartmail.com (asmtp3.iomartmail.com [62.128.201.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 995B11329A2; Tue, 14 Mar 2017 10:08:58 -0700 (PDT)
Received: from asmtp3.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id v2EH8tx0026980; Tue, 14 Mar 2017 17:08:55 GMT
Received: from 950129200 ([176.241.251.4]) (authenticated bits=0) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id v2EH8pBu026946 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Mar 2017 17:08:54 GMT
Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Mirja Kühlewind' <ietf@kuehlewind.net>, 'The IESG' <iesg@ietf.org>
Cc: pce@ietf.org, draft-ietf-pce-inter-layer-ext@ietf.org, pce-chairs@ietf.org
References: <148949292925.12701.6850378178949921553.idtracker@ietfa.amsl.com>
In-Reply-To: <148949292925.12701.6850378178949921553.idtracker@ietfa.amsl.com>
Date: Tue, 14 Mar 2017 17:08:53 -0000
Message-ID: <050801d29ce5$ab5c4340$0214c9c0$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJSXX0Bu+iu2Bc3eFbD7mnSL8i0S6CVC5CQ
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1679-8.1.0.1062-22942.001
X-TM-AS-Result: No--7.624-10.0-31-10
X-imss-scan-details: No--7.624-10.0-31-10
X-TMASE-MatchedRID: vEvJ7Rh1lGgtDLX17eHj6OYAh37ZsBDCC/ExpXrHizyYfLu5qIysvizs QurLskPGD/gYyqVMntmsBs95l0gCuR2P280ZiGmRf9ZzOyEuzmgUkWvaqUqLH27KnFvLjRh/i54 tFjy4TOADTDGMzJypOdIriLLTJFyci5WS7jKSSdFIRA38P/dwbiTzSFehhfJrUNzg/KvQ9bDLJp EAS0wAVsSGf3BWU6o0JAM20RFs/ZtEKOCB2yjJK3BRIrj8R47FQrO4XR6BRQMV1ftQZOqqL1gaJ 4K2OZueJrhQBA4SrAELpvH8JohUjBMI+YRurTF4ZvOUKDbiir4Zj1j4BNp7XPgnJH5vm2+g02TS vqRko5CggyGbhdV9xKU9XNQ4nII7o585keZI4UF8orCXAPNkJH0tCKdnhB581kTfEkyaZdz6C0e Ps7A07SAhra4zm6Tyz09iYaKqUple6WoSIk7yShUNRHYc9rhKlDygXh6zAtDQYNb5ClGHoUMMpr cbiest
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/W3JD_gGXZNyk_tJ_Js7FPq4KIWQ>
Subject: Re: [Pce] Mirja Kühlewind's No Objection on draft-ietf-pce-inter-layer-ext-12: (with COMMENT)
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2017 17:09:01 -0000
Hej Mirja, Thanks for the review. > Minor comments: > 1) I guess the I flag in the INTER-LAYER Object is actually not needed as > the present of the INTER-LAYER Object already indicates that inter-layer > information is requested, but that is not an issue. I think that this is true in a PCReq, but it may be helpful for an implementation to always include the object but toggle the flag. But in a PCRep the difference (while semantically the same) can have different inference. Thus... If a PCReq has the object with I=1 and the PCRep has the object with I=0 we know that the responder considered providing an interlayer path, but did not. If, instead, the object is absent from the PCRep we can't be sure how seriously the responder considered the request (although the result is still a mono-layer path). > 2) Is the INTER-LAYER Object Flags registry really needed, given the > limited amount of flag space??? I think so, yes. The registry is to stop collisions. I don't see how the size of the range makes much (any) difference. If you don't have a registry, anyone can grab any bit and there is a requirement that everyone reads every draft to avoid collisions. > 3) Security Consideration: "Inter-layer traffic engineering with PCE may > raise new security > issues when PCE-PCE communication is done between different layer > networks for inter-layer path computation." > This text is not very helpful as this section is meant to be used to > document these new issues. I'm trying to avoid saying "this should be obvious to one skilled in the art" since that always annoys me when the US patent office says it to me. We could fill this out as... OLD Inter-layer traffic engineering with PCE may raise new security issues when PCE-PCE communication is done between different layer networks for inter-layer path computation. Security issues may also exist when a single PCE is granted full visibility of TE information that applies to multiple layers. Path-Key-based mechanism defined in [RFC5520] MAY be applied to address the topology confidentiality between different layers. NEW Inter-layer traffic engineering with PCE may raise new security issues when PCE-PCE communication is done between different layer networks for inter-layer path computation because information about the networks at different layers will necessarily be exposed in computation results. Furthermore, a PCE in one layer might use computation requests to "probe" for information about the network in the other layer. Security issues may also exist when a single PCE is granted full visibility of TE information that applies to multiple layers. In both cases cited here, the security concerns are to do with exposure of information about a network to parties outside that network. These concerns relate to the privacy of the commercial details of a network, but it should also be understood that distributing information about networks extends the attack surface for those networks. Path-Key-based mechanism defined in [RFC5520] MAY be applied to address the topology confidentiality between different layers. END Thanks, Adrian
- [Pce] Mirja Kühlewind's No Objection on draft-iet… Mirja Kühlewind
- Re: [Pce] Mirja Kühlewind's No Objection on draft… Adrian Farrel
- Re: [Pce] Mirja Kühlewind's No Objection on draft… Mirja Kuehlewind (IETF)
- Re: [Pce] Mirja Kühlewind's No Objection on draft… Adrian Farrel