Re: [Pce] Roman Danyliw's Discuss on draft-ietf-pce-gmpls-pcep-extensions-14: (with DISCUSS and COMMENT)
Cyril Margaria <cyril.margaria@gmail.com> Mon, 01 July 2019 08:56 UTC
Return-Path: <cyril.margaria@gmail.com>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82048120099; Mon, 1 Jul 2019 01:56:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CsPnfzxcnOLv; Mon, 1 Jul 2019 01:55:58 -0700 (PDT)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 942281201FA; Mon, 1 Jul 2019 01:55:58 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id z25so22131836edq.9; Mon, 01 Jul 2019 01:55:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=IOnCT5k+Q8z4T7MRNZbHWH4sZ6yOE4wJT2+HlrlrPF4=; b=ctOIYjwY8DxkCkmv/vHXu+8Ia/ZFM9u8swRSkHRYDcdQOP+evvHqzuEOG3rewkEhGU PVdMMTRc5jBKSQj/jWBr5GApDPXjFia7u2qnsnRoi6fGGaiacy2FZ0LhYlJlHFztNQlT tAjTIruFg6D0cdcc/Bh3i1jswCpa1JXlX1sOaGLsuWNbUjiAZU4EiM+cZCNoDXNyV39r sGcHulSC/jE5gffk4uONnA4jjM2jMmves7u0bFjsZooXkMsJ7//T8QUEiaAXl6asd5x/ 4VpAi4U6YM17ufQ8PPxC0r+j7wIBuyHtLnvhq2PFj2ku/y4Xg/Ya62oyMlKNpRUhChDL OwYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=IOnCT5k+Q8z4T7MRNZbHWH4sZ6yOE4wJT2+HlrlrPF4=; b=ogY3YxVSTAh7vbGXaZjJGxOYvTIbMI/xtbuc2BCVyxLXg+HlUS1qTIIqLLqxlb8mlQ jHn+g+ZNkpqZFSiXN/HGRUnw40q1uaJbncegmTHYDTV2oZrQiDSUxub0awzBO7Rr3Jcb +BVSXq4FpswF7dEP29GGIUgX20gtsqbkNOM0o4sfvb8VNNhKz/AfNSq6DJKOR9CwbPxo lnaNhYqF346nTE8ArfEdTkOd5fjRCoo8ZPqof7AHopIinDITJ6X/IkwUQaq9ew6oiTAW U0LRdWaMoG8J1V8N+tD/CvDa+ujWX0QHF5I+6VzwKErPrMOLt4IEzFyatOuoD1M9gmsn 8T3Q==
X-Gm-Message-State: APjAAAUtAUIypve1xLTz6RJ/5ZlYtDiRV2Xw8vEhQAxXpmVWMSyWd5k5 r71rzr+tDy0M/k+haV+RGw1jMh2FwiPafFA2MzWZKNQyi+Y=
X-Google-Smtp-Source: APXvYqwKl/rMDGo/RRKeMP9WeqO4vuZASRF6y1wx5/LkT1eG1nEU/f758BAFVs6ZpJNl7S7WamOTjqFCQC5Ux3UAJsI=
X-Received: by 2002:a50:bdc2:: with SMTP id z2mr27455618edh.245.1561971356963; Mon, 01 Jul 2019 01:55:56 -0700 (PDT)
MIME-Version: 1.0
References: <155493437653.22640.5917609495933403034.idtracker@ietfa.amsl.com>
In-Reply-To: <155493437653.22640.5917609495933403034.idtracker@ietfa.amsl.com>
From: Cyril Margaria <cyril.margaria@gmail.com>
Date: Mon, 01 Jul 2019 10:55:46 +0200
Message-ID: <CADOd8-si-1PJ5FSmQ9j38fQGLGyZduJzzqZVXNu_-c4CMqqKEA@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-pce-gmpls-pcep-extensions@ietf.org, pce@ietf.org, pce-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e19667058c9acb3b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/Yw0Uy3LHeOpSPLyPb3ecCnKZIeo>
Subject: Re: [Pce] Roman Danyliw's Discuss on draft-ietf-pce-gmpls-pcep-extensions-14: (with DISCUSS and COMMENT)
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jul 2019 08:56:02 -0000
Thanks for the review, please see inline Best Regards, Cyril On Thu, 11 Apr 2019 at 00:13, Roman Danyliw via Datatracker < noreply@ietf.org> wrote: > Roman Danyliw has entered the following ballot position for > draft-ietf-pce-gmpls-pcep-extensions-14: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-pce-gmpls-pcep-extensions/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > (1) Section 6, Per “The answer can make that the LSP traverses some > geographical place known to the attacker where some sniffing devices could > be > installed”, this is a concern. Good that it is here. However, it seems > like > the consequences could be even more expansive – confidentiality (sniffing), > integrity (modifying the traffic) or availability (choose to drop it). > > Would the following change cover those consequences: NEW: PCE Identity theft: A legitimate PCC could request a path for a GMPLS LSP to a malicious PCE, which poses as a legitimate PCE. The answer can make that the LSP traverses some geographical place known to the attacker where confidentiality (sniffing), integrity (traffic modification) or availability (traffic drop) attacks could be performed by use of an attacker-controlled device. (2) Section 6, [RFC8253] is mentioned a few times as having a variety of > capabilities to mitigate the described threats. This is the right > reference. > However, the current text doesn’t explicitly state whether and how this > guidance should be followed (should, must, is recommended?) > > > Would the following be appropriate? NEW: The document [RFC8253] describes the usage of Transport Layer Security (TLS) to enhance PCEP security. The document describes the initiation of the TLS procedures, the TLS handshake mechanisms, the TLS methods for peer authentication, the applicable TLS ciphersuites for data exchange, and the handling of errors in the security checks. PCE and PCC SHOULD use [RFC8253] mechanism to protect against malicious PCC and PCE. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > (1) Section 2.3, Nit (missing commas and periods), > s/(SDH/SONET, G.709, ATM, MEF etc)/ > (SDH/SONET, G.709, ATM, MEF, etc.)/ > > (2) In a few section. Typo (duplicate “section Section”). Recommend > global > s/section Section/Section/g > > Thanks for catching those, I did not find the duplicated against though. > (3) Section 6. Duplicate word. s/against against/against/ > > > > _______________________________________________ > Pce mailing list > Pce@ietf.org > https://www.ietf.org/mailman/listinfo/pce >
- [Pce] Roman Danyliw's Discuss on draft-ietf-pce-g… Roman Danyliw via Datatracker
- Re: [Pce] Roman Danyliw's Discuss on draft-ietf-p… Cyril Margaria