Re: [Pce] Mirja Kühlewind's No Objection on draft-ietf-pce-inter-layer-ext-12: (with COMMENT)
"Adrian Farrel" <adrian@olddog.co.uk> Tue, 14 March 2017 17:48 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 064B5121A4E; Tue, 14 Mar 2017 10:48:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.62
X-Spam-Level:
X-Spam-Status: No, score=-2.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id omSICGaR4QYF; Tue, 14 Mar 2017 10:48:36 -0700 (PDT)
Received: from asmtp4.iomartmail.com (asmtp4.iomartmail.com [62.128.201.175]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D5D11213F8; Tue, 14 Mar 2017 10:48:35 -0700 (PDT)
Received: from asmtp4.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id v2EHmYx8025940; Tue, 14 Mar 2017 17:48:34 GMT
Received: from 950129200 ([176.241.250.4]) (authenticated bits=0) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id v2EHmR2T025900 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Mar 2017 17:48:31 GMT
Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: "'Mirja Kuehlewind (IETF)'" <ietf@kuehlewind.net>
Cc: 'The IESG' <iesg@ietf.org>, pce@ietf.org, draft-ietf-pce-inter-layer-ext@ietf.org, pce-chairs@ietf.org
References: <148949292925.12701.6850378178949921553.idtracker@ietfa.amsl.com> <050801d29ce5$ab5c4340$0214c9c0$@olddog.co.uk> <B24A6CFA-82B7-4258-927D-D0A530AF7E47@kuehlewind.net>
In-Reply-To: <B24A6CFA-82B7-4258-927D-D0A530AF7E47@kuehlewind.net>
Date: Tue, 14 Mar 2017 17:48:30 -0000
Message-ID: <052d01d29ceb$34c52a70$9e4f7f50$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJSXX0Bu+iu2Bc3eFbD7mnSL8i0SwJ+XrLSAyjVRrmgZ9+6QA==
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1679-8.1.0.1062-22942.001
X-TM-AS-Result: No--17.532-10.0-31-10
X-imss-scan-details: No--17.532-10.0-31-10
X-TMASE-MatchedRID: 9d2LtCNB3NLFPjpj+KrQKfHkpkyUphL94+ZcrqvCDkFbkEkbM1T7y242 Q6gP826QzKFxRzy/yjyOMDjZHc3LHaC0aaspfVux2DrYMLc1SE9Aq6/y5AEOOrrfxlRjqBJ3EGJ Ca/oTwlmoh31FHtwN8AWjdQRVNqGGoNQxMWUln01hHpATwph+yJ2lNATqz9zPseONmEIl6cJReD 6gNYbuko5QJnWdA+oBCjCvKeSuT46uyr/sGF0bIIxVBvj1jbcjvioP2AtQrfdrMbakJN8OeWS3E R2lnaX2Sk67Wm2PpK0kAzbREWz9m0Qo4IHbKMkrnbUZkYTzXIYUnXiHKcH7S914Aqe8EzF8vIwx rppyySnF0wMQNKBsDwum8fwmiFSMEwj5hG6tMXhm85QoNuKKvhmPWPgE2ntcHL8D2Jlysh8iL1G 7EVY5TkZrarpjLj2L6DyfhJn+3QrN2MV4VLPrfuYAh37ZsBDCxaYUXbZJ9N4gcyGevtftJ6PFjJ EFr+oloTCA5Efyn8CNo+PRbWqfRJBlLa6MK1y4
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/fphDpd2TRIX2xfUP5rXBcGIP1io>
Subject: Re: [Pce] Mirja Kühlewind's No Objection on draft-ietf-pce-inter-layer-ext-12: (with COMMENT)
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Mar 2017 17:48:38 -0000
Hi, That was quick! > >> 2) Is the INTER-LAYER Object Flags registry really needed, given the > >> limited amount of flag space??? > > > > I think so, yes. > > The registry is to stop collisions. > > I don't see how the size of the range makes much (any) difference. > > If you don't have a registry, anyone can grab any bit and there is a requirement > that everyone reads every draft to avoid collisions. > > Given the flag field in this document is specified as reserved, any new doc that > specifies a new flag must update this document. Hopefully the process works > well enough to not cause collisions (I’m confident of that). > > The size matters, as I would expect that the number of documents that update > this part is rather limited and therefore this is a viable and scalable approach. > > However, if you’d decide to keep the registry, you should not specify the > remaining flag part as reserved (otherwise you still have to update this document > even if you have a registry). > > I would still recommend not to use a registry. There is a difference between "Reserved" in an IANA registry and "reserved" in the text. I believe we have used a tried and tested wording (well, as long as I can recall) where: - unassigned bits are described in the protocol as "reserved - must be set to zero, should be ignored" - unassigned bits are flagged in the registry as "unassigned" Such a formula never requires an update to the base RFC. > >> 3) Security Consideration: "Inter-layer traffic engineering with PCE may > >> raise new security > >> issues when PCE-PCE communication is done between different layer > >> networks for inter-layer path computation." > >> This text is not very helpful as this section is meant to be used to > >> document these new issues. > > > > I'm trying to avoid saying "this should be obvious to one skilled in the art" since > that always annoys me when the US patent office says it to me. > > > > We could fill this out as... > > > > OLD > > Inter-layer traffic engineering with PCE may raise new security > > issues when PCE-PCE communication is done between different layer > > networks for inter-layer path computation. Security issues may also > > exist when a single PCE is granted full visibility of TE information > > that applies to multiple layers. > > > > Path-Key-based mechanism defined in [RFC5520] MAY be applied to > > address the topology confidentiality between different layers. > > NEW > > Inter-layer traffic engineering with PCE may raise new security > > issues when PCE-PCE communication is done between different layer > > networks for inter-layer path computation because information about > > the networks at different layers will necessarily be exposed in > > computation results. Furthermore, a PCE in one layer might use > > computation requests to "probe" for information about the network > > in the other layer. > > > > Security issues may also exist when a single PCE is granted full > > visibility of TE information that applies to multiple layers. > > > > In both cases cited here, the security concerns are to do with > > exposure of information about a network to parties outside that > > network. These concerns relate to the privacy of the commercial > > details of a network, but it should also be understood that > > distributing information about networks extends the attack surface > > for those networks. > > > > Path-Key-based mechanism defined in [RFC5520] MAY be applied to > > address the topology confidentiality between different layers. > > END > > Thanks! Much better! OK. Perhaps that can get added as an RFC Editor note? Cheers, Adrian
- [Pce] Mirja Kühlewind's No Objection on draft-iet… Mirja Kühlewind
- Re: [Pce] Mirja Kühlewind's No Objection on draft… Adrian Farrel
- Re: [Pce] Mirja Kühlewind's No Objection on draft… Mirja Kuehlewind (IETF)
- Re: [Pce] Mirja Kühlewind's No Objection on draft… Adrian Farrel