Re: [Pce] Review of draft-dhody-pce-pceps-tls13
slitkows.ietf@gmail.com Mon, 13 November 2023 16:56 UTC
Return-Path: <slitkows.ietf@gmail.com>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C596C1519BF; Mon, 13 Nov 2023 08:56:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KwH1iADYOrQh; Mon, 13 Nov 2023 08:56:53 -0800 (PST)
Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0FADC14CEFF; Mon, 13 Nov 2023 08:56:53 -0800 (PST)
Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-53dd3f169d8so6989112a12.3; Mon, 13 Nov 2023 08:56:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699894612; x=1700499412; darn=ietf.org; h=content-language:thread-index:content-transfer-encoding :mime-version:message-id:date:subject:in-reply-to:references:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=iN8VvtpG5jZ1V50cXxS1X3IQHV0cwGR3li8aFvTH81U=; b=B3efEOAPidbepOjhmuqgrc6R6f8bDv0sBPbBVrJFnFjkMo5Xisz1yScFASS4Ykqfiw LjMDd4s/Lu9srICuciyvKg6WbbrRMvbkz3M/y7eB0kU9Y5YCHbQ2PLM6h/8o/mKKWiH6 y3811qZxF3JoAwc9mL7+KMahcG28M+vo0DiBXFp4pHb6c38ch4+C1YbmlMhSFm51o2aH E931kzmJ02A64bjoDNjXlntdxP62X6vemdNpBDvDrDpdNR6zZmaPen2y8mDiwn3fCsQ/ FOeTHbFn4mwOInM7oc2yMAN2FV+ZeecgaBYa4PImMLhCY4fBV/gmxfLWjTuf+tdHoMXl QJLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699894612; x=1700499412; h=content-language:thread-index:content-transfer-encoding :mime-version:message-id:date:subject:in-reply-to:references:cc:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=iN8VvtpG5jZ1V50cXxS1X3IQHV0cwGR3li8aFvTH81U=; b=SvFP6pr5obUVcKDmbg4n4+4sgzcUC67mpfeX0fMbQ7uzkdOsEyIdJqQzdkWhPC0M7W HmI2w3KzJuh+3nmrw+uClsr0RdU0d7l9FNgWYBnq3VT8rgZoPOz/ux2gUSb9ZfvMQdZC oeM5rCFBlV6jtu/LjMLXYMDw0OTcSkuRoTpqCZmL2jKZUsjlirJohH0mhQk1VHf4GtS9 6IS1tVOSFo8edfijYmE6eeZ7bmpH3ao90PoLMHGc28b5MgohknaJFG2D5ydqNR9rlsIY 7gYm5IojZ/0SO7IleUn+4a3ACF8RFctPCd6Yu5zYLrETRuqc4ixkSd4AnIbaz6PP6D2m 5JHg==
X-Gm-Message-State: AOJu0YxQSR7iyehH7NMt5ZKpjsekXGyw55qqsau0Yg3lSRBeYKkFDZO9 tuNXbbMzjhlXO2WRRwp3EiZk7MzgOQ==
X-Google-Smtp-Source: AGHT+IEiI7PQeAywLm7h2iDj9vXXpSa2GJbycFj1VpcIXbmewGc42/9O5OZ2gOkenB8pfwPt7gszcw==
X-Received: by 2002:aa7:d60b:0:b0:53e:6239:a04a with SMTP id c11-20020aa7d60b000000b0053e6239a04amr4949575edr.24.1699894611872; Mon, 13 Nov 2023 08:56:51 -0800 (PST)
Received: from CSCOWPF2QW8Y3 ([173.38.220.46]) by smtp.gmail.com with ESMTPSA id h4-20020a056402094400b005436d751abbsm3877473edz.83.2023.11.13.08.56.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Nov 2023 08:56:51 -0800 (PST)
From: slitkows.ietf@gmail.com
To: 'Sean Turner' <sean@sn3rd.com>, "'Stephane Litkowski (slitkows)'" <slitkows@cisco.com>
Cc: pce@ietf.org, pce-chairs@ietf.org
References: <SJ0PR11MB5136766C98C5B5D25D73A813C2FAA@SJ0PR11MB5136.namprd11.prod.outlook.com> <07A4D544-71E1-4CDD-A99D-2D0737B891CE@sn3rd.com>
In-Reply-To: <07A4D544-71E1-4CDD-A99D-2D0737B891CE@sn3rd.com>
Date: Mon, 13 Nov 2023 17:56:50 +0100
Message-ID: <007b01da1652$65d777c0$31866740$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIiBz08Os+dp7EHYJzY49bxtgrElAIy5nidr9b+5gA=
Content-Language: fr
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/re_k5W_Zyr3UYEepq9KfAY7wPBM>
Subject: Re: [Pce] Review of draft-dhody-pce-pceps-tls13
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2023 16:56:57 -0000
New text looks good to me. Thanks -----Original Message----- From: Pce <pce-bounces@ietf.org> On Behalf Of Sean Turner Sent: Wednesday, October 18, 2023 3:34 AM To: Stephane Litkowski (slitkows) <slitkows@cisco.com> Cc: pce@ietf.org; pce-chairs@ietf.org Subject: Re: [Pce] Review of draft-dhody-pce-pceps-tls13 Stephane, Thanks for the comments and sorry it’s taken me so long to respond. These comments made me entirely rethink what’s in the I-D. I was way too focused on maintaining alignment with draft-ietf-netconf-over-tls13 and that should not have been something to fixate on. > On Sep 19, 2023, at 09:26, Stephane Litkowski (slitkows) <slitkows@cisco.com> wrote: > > Hi WG, > > Chairs requested me to review draft-dhody-pce-pceps-tls13. > Here are couple of comments regarding the draft, I’m not an expert in this area, so my comments may sometimes be inaccurate: > > Intro: > • As RFC8253 is already making TLS 1.2 as required (Section 3.4 of RFC8253), why does this draft cares about “address support requirements for TLS 1.2” ? What is missing in RFC8253 ? > > > > Section 4: > • The two first paragraph related to TLS1.2 are already covered by RFC8253 section 3.4, what is changing ? > > • Regarding: “Implementations that support TLS 1.3 [I-D.ietf-tls-rfc8446bis] are REQUIRED to support the mandatory-to-implement cipher suites listed in Section 9.1 of [I-D.ietf-tls-rfc8446bis].¶ > • This is already mandated as per TLS1.3 draft (Section 9.1), so is the purpose of defining specific requirement for PCEP app ? In thinking about what’s missing, I have come to realization that really only two things are: 1) A statement about what to do if an PCEPS implementation supports more than one version of TLS. I tend to think that if a connection can support a later version it should. 2) A statement about not supporting TLS 1.3’s early data. And, maybe some text about what early data is and why we’re saying anything about it at all. I think we can do that by adding two restrictions to those that are already listed in s3.4 Step 1 and a couple of notes. So, I thought what if we recast the entire draft to do exactly that. Let me know what you think about the following PR: https://github.com/ietf-wg-pce/draft-ietf-pce-pceps-tls13/pull/11 > Security considerations: > • I don’t see Security considerations of RFC8253 referred in the section ? shouldn’t the draft build on top of it ? Is there any new consideration compared to RFC8253 brought by TLS1.3? Yeah those ought to be there too. See the following PR: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ > > Brgds, > > Stephane Cheers, spt _______________________________________________ Pce mailing list Pce@ietf.org https://www.ietf.org/mailman/listinfo/pce
- [Pce] Review of draft-dhody-pce-pceps-tls13 Stephane Litkowski (slitkows)
- Re: [Pce] Review of draft-dhody-pce-pceps-tls13 Sean Turner
- Re: [Pce] Review of draft-dhody-pce-pceps-tls13 Sean Turner
- Re: [Pce] Review of draft-dhody-pce-pceps-tls13 slitkows.ietf