Re: [Pce] RtgDir review: draft-ietf-pce-pceps-12
Dhruv Dhody <dhruv.dhody@huawei.com> Thu, 11 May 2017 16:44 UTC
Return-Path: <dhruv.dhody@huawei.com>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56A011294A6; Thu, 11 May 2017 09:44:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.222
X-Spam-Level:
X-Spam-Status: No, score=-4.222 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NZn9SsUgZL3H; Thu, 11 May 2017 09:44:48 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96CE2129412; Thu, 11 May 2017 09:38:19 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml707-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DMS87338; Thu, 11 May 2017 16:38:17 +0000 (GMT)
Received: from BLREML408-HUB.china.huawei.com (10.20.4.47) by lhreml707-cah.china.huawei.com (10.201.108.48) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 11 May 2017 17:38:15 +0100
Received: from BLREML501-MBB.china.huawei.com ([10.20.5.200]) by BLREML408-HUB.china.huawei.com ([10.20.4.47]) with mapi id 14.03.0301.000; Thu, 11 May 2017 22:07:57 +0530
From: Dhruv Dhody <dhruv.dhody@huawei.com>
To: Dan Frost <frost@mm.st>, "rtg-ads@ietf.org" <rtg-ads@ietf.org>
CC: "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "draft-ietf-pce-pceps.all@ietf.org" <draft-ietf-pce-pceps.all@ietf.org>, "pce@ietf.org" <pce@ietf.org>
Thread-Topic: [Pce] RtgDir review: draft-ietf-pce-pceps-12
Thread-Index: AQHSyltYC6H+jHLTg06wAJfoFK1pl6HvJ+jQ
Date: Thu, 11 May 2017 16:37:56 +0000
Message-ID: <23CE718903A838468A8B325B80962F9B8CAD810B@blreml501-mbb>
References: <1494509464.34491.973270680.4CBC76C2@webmail.messagingengine.com>
In-Reply-To: <1494509464.34491.973270680.4CBC76C2@webmail.messagingengine.com>
Accept-Language: en-GB, zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.195.40.152]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A0B0202.59149379.015F, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 47fe5610a508270e0cfe67eaa0713e17
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/l9LbHD_b2I1l8lYkWxgS5F9Yevk>
Subject: Re: [Pce] RtgDir review: draft-ietf-pce-pceps-12
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 May 2017 16:44:51 -0000
Hi Dan, Thanks for your review. Please see inline... > -----Original Message----- > From: Pce [mailto:pce-bounces@ietf.org] On Behalf Of Dan Frost > Sent: 11 May 2017 19:01 > To: rtg-ads@ietf.org > Cc: rtg-dir@ietf.org; draft-ietf-pce-pceps.all@ietf.org; pce@ietf.org > Subject: [Pce] RtgDir review: draft-ietf-pce-pceps-12 > > > Hello, > > I have been selected as the Routing Directorate reviewer for this draft. > The Routing Directorate seeks to review all routing or routing-related drafts as > they pass through IETF last call and IESG review, and sometimes on special > request. The purpose of the review is to provide assistance to the Routing ADs. > For more information about the Routing Directorate, please see > http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir > > Although these comments are primarily for the use of the Routing ADs, it would > be helpful if you could consider them along with any other IETF Last Call > comments that you receive, and strive to resolve them through discussion or by > updating the draft. > > Document: draft-ietf-pce-pceps-12 > Reviewer: Dan Frost > Review Date: 2017-05-11 > IETF LC End Date: > Intended Status: Standards Track > > Summary: > > I have significant concerns about this document and recommend that the > Routing ADs discuss these issues further with the authors. > > Comments: > > This document proposes to add a STARTTLS mechanism to the PCE protocol. > If this basic approach is accepted, then the document is in good shape. > It's clear, complete, and straightforward. The question is whether mandating > STARTTLS is actually a good idea. > [Dhruv] Yes, this has been discussed in the WG. The individual draft in fact asked for another port no, and during the WG adoption process, it was discussed in the WG as well as with security experts, and concluded that we should use STARTTLS. As far as I am aware, use of different port for secured version of a protocol has not been followed by IETF for some time now. > Major Issues: > > My main concern with this document is that it takes as given that STARTTLS is > the right way to secure PCEP with TLS. Perhaps this argument was already had at > some point and this draft is the result, but if so then at a bare minimum it needs > rationale explaining why STARTTLS was chosen over alternatives, and text that > addresses weaknesses and mitigations associated with STARTTLS processing, in > particular the possibility and relative ease of downgrade attacks. > [Dhruv] I see the benefit of adding text, something in line of - "As per the recommendation from [RFC7525], PCEP peers that support PCEPS, SHOULD prefer strict TLS configuration i.e. do not allow non-TLS PCEP sessions to be established." I will discuss further with my co-authors/chairs/AD, if we also need to spell out the full rationale here. > The obvious alternative would be to not use STARTTLS and simply allocate > another TCP port for PCEP-over-TLS. This avoids complicating the PCE protocol > and introducing the potential for downgrade attacks based on STARTTLS. PCE is > used to convey critical path-determination information in carrier networks, > among other things. That it's not fully authenticated and encrypted in all cases > already is an unfortunate legacy of a bygone era. Ideally operators should move > as quickly as possible to secure PCEP and aim to entirely remove the unsecure > form. > STARTTLS serves a weaker goal of "opportunistic" security, which, while it has its > uses, makes little sense for PCE compared to simply deprecating the unsecured > version. > > Minor Issues: > > * Section 3.3: "A RECOMMENDED value for StartTLSWait timer is 60 seconds." > This seems like a very long time to wait for an initial reply on an already- > established TCP connection. > [Dhruv] We saw a benefit in keeping this same as the OpenWait time in the PCEP session establishment. > * Section 3.2, fifth paragraph (beginning with "A PCEP speaker > receiving..."): > > This paragraph states: "A PCEP speaker receiving any other message apart from > StartTLS, open, or PCErr MUST treat it as an unexpected message..." > > As written this is confusing and seems to imply that no other PCEP messages can > ever be sent. It looks like this is meant to be scoped to the context of the first > message sent/received on session initiation? > [Dhruv] Yes. I will add clarification that this is for the first message. > * Section 8.6 > > The subsection titles of Section 8 have been taken from Section 8 of RFC 5440, > but Section 8.6 here is called "Impact on Network Operations" > while in RFC 5440 it's called "Impact on Network Operation". Funnily enough, > that final "s" makes a difference. Without it, the section refers to an impact on > the functioning of the network itself. With it, it would usually be taken to refer > to impact on human operations and management procedures. > > It looks correct to say that the mechanism of this draft should not significantly > impact the functioning of the network. On the other hand, it certainly does > impact operations and management procedures, as staff have to develop > policies around security requirements for PCEP within the organization, methods > for verifying whether device security parameters are configured correctly, > checking for unexpected downgrades to insecure sessions, etc. It would be an > improvement for the document to address the impact of PCEPS on operational > processes. > [Dhruv] Agreed. I will work on text in this section, along these lines. > Nits: [Dhruv] Ack for all. Thanks for your review. Regards, Dhruv > > Sec 3.1, first paragraph: > OLD > The steps involved in the PCEPS establishment consists of following > successive steps: > NEW > The steps involved in establishing a PCEPS session are as follows: > END > > Sec 3.4, Step 3: > s/Any attempt of initiate a TLS/Any attempt to initiate a TLS/ > > > Cheers, > -d > > _______________________________________________ > Pce mailing list > Pce@ietf.org > https://www.ietf.org/mailman/listinfo/pce
- [Pce] RtgDir review: draft-ietf-pce-pceps-12 Dan Frost
- Re: [Pce] RtgDir review: draft-ietf-pce-pceps-12 Dhruv Dhody
- Re: [Pce] [RTG-DIR] RtgDir review: draft-ietf-pce… Adrian Farrel
- Re: [Pce] RtgDir review: draft-ietf-pce-pceps-12 Diego R. Lopez
- Re: [Pce] RtgDir review: draft-ietf-pce-pceps-12 Dhruv Dhody