IETF Logo Mail Archive

[Pce] FW: [Lsr] WG Last Call for IGP extension for PCEP security capability support in the PCE discovery - draft-ietf-lsr-pce-discovery-security-support-05

"Acee Lindem (acee)" <acee@cisco.com> Thu, 22 July 2021 18:57 UTC

Return-Path: <acee@cisco.com>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAD163A0DFE for <pce@ietfa.amsl.com>; Thu, 22 Jul 2021 11:57:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.494
X-Spam-Level:
X-Spam-Status: No, score=-10.494 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, T_HTML_ATTACH=0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Cg3Hu1Dz; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=JrKArX94
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eiDqYPZT6gqU for <pce@ietfa.amsl.com>; Thu, 22 Jul 2021 11:57:01 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6F283A0DF6 for <pce@ietf.org>; Thu, 22 Jul 2021 11:57:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=111056; q=dns/txt; s=iport; t=1626980220; x=1628189820; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=ShhMnvDvcJUkkBlcTOOJMCJP0EpCypO7Pd0vxDF+jEw=; b=Cg3Hu1DzQk5tRjGZLktmAP5fe/S8AWSRJXzm669XuTWv2BnNgTRbXaQJ CzhRqSo5WRHiTtYS2JF/ts724/mZKma68IJ7KUBQwSpvCslizCyggxHdh vFKkHD9RsTUU/L3j74sKpxQWNMAnrxvCX8Aav0nekBspRAfG5gn8VU84K M=;
X-Files: Diff_ draft-ietf-lsr-pce-discovery-security-support-05.txt.orig - draft-ietf-lsr-pce-discovery-security-support-05.txt.html : 71232
X-IPAS-Result: A0B2CwAfvvlg/49dJa1QCoJigSMwIy4Hd1o3MQKERoFfgWkDhTmIYgOJF4ZVikSBQoERA1QEBwEBAQ0BATcKBAEBgyKBNQIXgmACJTcGDgIEAQEBAQMCAwEBAQEBAQMBAQUBAQECAQYEexOFaAEMhkUBAQEEEggDBgoTAQElEw8CAQgRAwECFgsBAgcCAgIwGwEBBQMCBBMODQeCTwGCVQMvAQ6dFgGBOgKKH3qBMoEBggcBAQYEBIFKQYMdGIItBwmBOoJ8hAwBAYJngU+CKgInHIINgRQBJxyCMjA+glcLAQECARd/CQkBBwsBCS8JBgYBEoJYNoIugi0BLUQBATwmAQNRAQEUDAIkCisWQwEFERgBCQYUBQcHAQKVLIg6N4E5iHqGY44CCoMmhTqEfIc6jE4FJoNjgUeCD4gIlyKWCYIciheTLEiEZgIEAgQFAg4BAQaBdiVpcHAVOyoBgj4JRxkOjX0uARUVgzqFFIVKcwIBCisCBgEKAQEDCYsEXgEB
IronPort-PHdr: A9a23:LW8Y/Rc/eaRlsf6W7A1b8kJ/lGM/qYqcDmcuAtIPir9SfOKk5Zuxd EDc5PA4iljPUM2b7v9fkOPZvujmXnBI+peOtn0OMfkuHx8IgMkbhUosVciCD0CoLfP2YWo9B ssRHFNg9muwZE5SHsu2blbOo3q0uDgVHBi3NQd8KunvXIDIiMHi3OGp8JqVaAJN11KA
IronPort-HdrOrdr: A9a23:9zZ+06nJ+Ugz4L3EsUnCzzfmdUfpDfOOimdD5ihNYBxZY6Wkfp +V/cjzhCWbtN9OYh4dcIi7SdW9qADnhOFICOgqTPaftWzd2FdAQ7sSlbcKrweQfhEWs9QtqJ uIEJIOSOEYb2IK9voSiTPQe71LrbX3k9HLuQ6d9QYWcegAUdAG0+4NMHfjLqQAfnghOXNWLu v52uN34x6bPVgHZMWyAXcIG8LZocfQqZ7gaRkaQzY69Qinl1qTmf3HOind+i1bfyJEwL8k/2 SAuRf+/L+fv/ayzQKZ/3PP7q5RhMDqxrJ4dY6xY4kuW3DRYzSTFcNcso65zXYISSaUmQ8Xee z30lMd1gJImivsly+O0EDQMkLboUgTAjfZuC6laD3Y0JbErPZQMbscuWqfGSGptnbI9esMo5 6ilQiixupqJAKFkyLn69fSURZ20kKyvHo5iOYWy2dSSI0EddZq3MEiFW5uYdw99RjBmcoa+S hVfbbhzecTdUnfY2HSv2FpztDpVnMvHg2eSkxHvsCOyTBZkH1w0kNdnaUk7zg93YN4T4MB6/ XPM6xumr0LRsgKbbhlDONERcesEGTCTR/FLWrXK1X6E6MMPW7LtvfMkfkIzfDvfIZNwIo5mZ zHXl8dvWkue1j2AcnLx5FP+gClehT0Yd0s8LAW23FdgMyzeFPGC1z3dLkeqbrXnxxEOLyoZx +aAuMjP8Pe
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.84,261,1620691200"; d="html'217?scan'217,208,217";a="737151743"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Jul 2021 18:56:59 +0000
Received: from mail.cisco.com (xbe-rcd-006.cisco.com [173.37.102.21]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id 16MIuwwP017681 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK) for <pce@ietf.org>; Thu, 22 Jul 2021 18:56:59 GMT
Received: from xfe-rcd-003.cisco.com (173.37.227.251) by xbe-rcd-006.cisco.com (173.37.102.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Thu, 22 Jul 2021 13:56:58 -0500
Received: from xfe-rtp-002.cisco.com (64.101.210.232) by xfe-rcd-003.cisco.com (173.37.227.251) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Thu, 22 Jul 2021 13:56:57 -0500
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xfe-rtp-002.cisco.com (64.101.210.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Thu, 22 Jul 2021 14:56:57 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n0XcnePykHY5zChubiiYRnSwIZGOMnhKyY5loW93Oke/JUwFMgGJ1y4BMewFDXITy8oc+5yU2lC7HTlWID1yPRgrjFOwSYzpIrjXummrv90+3DD3BLQNWpu1PGxVkbv/DEK6uMnS/rx2DM+qaPLQ3vbutxo95HgYLGBXz67h4opJ1xGiLyolMlkpdjPC8MHi7aVcbe3G8THbiPUj2SxHR8jYOXB5zVW49CTfprUQb41OHSlY4LB/UalIE5dBgSrMO+TbWbQXycaOLWdljwwnZGTTpg2eg0D3kP9op772AgVsoayk4eROmS7HdvrdlAaVLUmgbYiWV4NfqlMHM4e9Tg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kMywTXwIW8l2g1ugiTe7j6HZon4BkqaxZYYwoeWQfcY=; b=FabsaN4AAcIC9WHMRS0tVOA11fpfD4Nk4pJYDCeZPZZYNeY/xNfwFvBFCtOQlEBr0wsq2jeS4u5IW/9CvVXcLfg5QnrP1oLkCOlF5kO/dURxnSh1d/iEGo+HgaU2pqq7R7vx5qwqDYxAp9A1unh5rXfmLjZPK4Fif8ha5Bd78myOKR/WJFtoj8m++z4X+3iQvjfR0rSDbUDdp2yWCbkovU8dzuFS0x7JZqHb3+YlVjxqdudssSjAZ08Itw6xo+6SHJFJpaDd80CheHS/7D9twDrbP7UfkkpN7n7WqxiiFCRozyEPMYkAjQmyXilrUR/TBUYL6YQybN/g7x1mweHSLA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kMywTXwIW8l2g1ugiTe7j6HZon4BkqaxZYYwoeWQfcY=; b=JrKArX9479TsaDV/AayXF7k1IVIp+VmnAiEte6pmiMcG5xmhm+C0sh8eirgesm7YuOrcTdr8Si7CUcEcdScXgQW+gukpC1tgZaeak6KNn/KjKPR2E3kB3m/o7WQuJ/4eqQtr3Spr9piII7ibw0SyIUpp8LK1yDZgr1qVx1KXYys=
Received: from BYAPR11MB2887.namprd11.prod.outlook.com (2603:10b6:a03:89::27) by BYAPR11MB2646.namprd11.prod.outlook.com (2603:10b6:a02:c6::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.25; Thu, 22 Jul 2021 18:56:56 +0000
Received: from BYAPR11MB2887.namprd11.prod.outlook.com ([fe80::dc2e:765f:512c:b39e]) by BYAPR11MB2887.namprd11.prod.outlook.com ([fe80::dc2e:765f:512c:b39e%7]) with mapi id 15.20.4331.034; Thu, 22 Jul 2021 18:56:56 +0000
From: "Acee Lindem (acee)" <acee@cisco.com>
To: "pce@ietf.org" <pce@ietf.org>
Thread-Topic: [Lsr] WG Last Call for IGP extension for PCEP security capability support in the PCE discovery - draft-ietf-lsr-pce-discovery-security-support-05
Thread-Index: AQHXfwvT8Z0Uuayt+E6k31jzZjbDFKtPFYiA
Date: Thu, 22 Jul 2021 18:56:56 +0000
Message-ID: <F4AD4672-46B8-48F6-841B-A57BD8DB0525@cisco.com>
References: <0A11504D-BD7C-4A2D-B1D0-8C18D7851CFE@cisco.com>
In-Reply-To: <0A11504D-BD7C-4A2D-B1D0-8C18D7851CFE@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.51.21071101
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: edd7b30e-44a5-4443-5206-08d94d427a31
x-ms-traffictypediagnostic: BYAPR11MB2646:
x-microsoft-antispam-prvs: <BYAPR11MB2646AFB6A071C622395F0862C2E49@BYAPR11MB2646.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 4oV6joy5xErZZW3b8I55GbXvo5Ri49oHUNG5JkmlsxEHjjcym7MxVr1XuGbADwfMrpae2O2sdZhwDEW+RnM8GA2E6ObbJZQKZ88RIEguGdfi4l8/K2xMENIYDJ2dyEZbrb4q9o1k5o1iLRp47vFLIUQUyOdEnqbi7BC0CwmVzTeKPG9B+Hw1nu++a2s3iA/HnY59lQKrJadZDMUyP9lnw9T/ogNSk/5FkpMZMY3Z5WEjVSGd4il7opVJbgClYzhOs6s8PwcOWilBh2IZBWsn9rqLogklZsRmu7eoTQvw27Y11D5h87cwkRyzgh3lw60jCldJxRrdpwDm2cMjeMzdA3Qp+M+SuuoTIsm7fqFMxiwOvkloQgDsO3Q/N0sGhKhMkysIIVrfBPWQt/2air9qyvSGy3s8ygFHvEPBSEtNLFlR8ro0orJmNTIYScKok6Plfb3nbE5wmEaH0WvWjxOu6AK929xkqDdZAeZ9p/FaJeU8pX8lx8YvhToRoe65ocm6Im708HaS2DoBXAwSKaWfC7fSQVdmsN+Z0mW1GwVqMfAvFqS6TyjzkvdKvkzLZPKi4IY+VzEdyrhMZuGEHyZTj3aVYT1gFY3rWuuwOnaNUYZGKdEW90Wct9LriL4ySpES2FC5Kv2qZhsakY2kHvvV5lh9flj/SfqX89zQ0R3nmDVITMXmtnYmIBkqJ5mhbuBdDQFrNyBGIIGtPfiXSB/FSZYNPawak4v+K8lcui7lkpekYIvMbdSUuNGcwiFnLoZV0vD0OcC8c5OY5XBxV137LXynnAV3COmu9519wp4NL5VHk+UOwbYr2GFmVW3lVpfA
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB2887.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(2616005)(38100700002)(6512007)(66476007)(966005)(66616009)(6486002)(316002)(6916009)(66556008)(15650500001)(186003)(76116006)(508600001)(36756003)(122000001)(86362001)(66446008)(8676002)(66946007)(8936002)(5660300002)(83380400001)(64756008)(2906002)(99936003)(71200400001)(53546011)(6506007)(33656002)(26005)(38070700004)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: oD+0ek1OA83DMHgOxmFNdit2c+sHRuSf+LNCzq7TeLNYTfOgOtUPfwnMum4Sqk6l1LGxtn/0EcghbxgvEDi0bwetRPse2hHAS5jaIuC5Q4FImTaLVPtLU2UBXTRS68yeFreiXrO7hlKdBb9D7S013DAcW9jAbekNGBT0MGqtFVHI4JoRhWa64Nj78A+DhLxUpGEwYrwghHsBmzV3W0xTEJI2d0+f+LKJ+ceMLhnSun/IA662bAHtxCsItIGQFS6FVdqdSdVsHd5mw13uRCWfBxSCvfkCshOVhnYobM/+WC9hwlNwRlEorCR0URI/xVewS4oarY2z9OBxqs9TiE/b1TaJqJOlhm7QIeA+5nGIYfuDij5VQzHzeb/2Kj5H3hLwNMtF/kk9Ol0jBFnI2qTtGizmy0BR53nPkBSalLteIZhrGlwu8zBPxkgPoGsd3T89QxeZq+VlwI5jEi7pMy1lS1hKslPhc8RCwuOuwMkpKVJMTTLmn8hWdmK/F1xMal/xgE2KKoKU46l55rYt1AWs8UMJXZm+vAsq99rrOxL8w1KtscW6j3b+yTKyB+RRiplN1kmIGYCf0OiM1QGLO5G/sUOFpGD2deFXr9mvdwNYffEFF+1M935pnbASO1l8ypgsEF4twPImoi/XemMwXKvYumoyKWK4MR6mxpoXNHEtBYB2Z5WgVxx2UDFzyXo0xYaTDWOinGlq6NSnK4+GxRKLLaGXycfo8SZG0hGL6Pnq6FqvFNoi+xeo2wGpJJ1PNWEsmjBasqmehpbU2ZFJQdxwdn2Hbb1gB/cPGHvQVfEjnudlLgNNGB5WIezU35GrSfU7mPq/2QMlwvTmnI2hqcW1V6FFhl+62a6niNkpcQW10CXG2vp5/Elzj7+ovsX2bU1+dsKXvJGjqvJgkzNIonT5AtDq8OeB4gXmM+yfiLosDpJBSTLe+IEJEg02NlwA+QlSkRI7UG8P4HnrmRh6tu8m7SHZqWaUa/VKRDVCSkoKXJg3e/AuIjcs7bJaksipITCogZmVFGGM01YeEByiuH9LWDkiYjvuzJIrYJ8zMhdNte0YfRRMrlXtDmmfq0paVwO27e9o59hxDnW+LbAm/U+Z4zsZfelVTL8T5gBvhE754imfefg9A6Ye/ttcAnmzGUoH5HC1UMeVW4WAoWCeq58dHMSMOjAiTWnl0r8bKrXFE3aUdUYjyU0nYXiqtwd8PA27dGqy3ZP1lj3Q2BqiMzm3bBV6hY3GJpzkWKyQ+xEThi09jArQj1a54qeGuFJq9Xauq6A329ukWWUu4/torgsHogWkwvcWxmDl/tIc9DU7JL8++joTbXXMC2lfCoy87HlN/zM+njEddbuT+zdwGYiEag==
x-ms-exchange-transport-forked: True
Content-Type: multipart/mixed; boundary="_004_F4AD467246B848F6841BA57BD8DB0525ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2887.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: edd7b30e-44a5-4443-5206-08d94d427a31
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2021 18:56:56.1579 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: D4Usa85u6aqdGKlghJKmu+RelvWTt4Eotj5qt20Rp3bSo3+u8fx2FTYfXMr671Be
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB2646
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.21, xbe-rcd-006.cisco.com
X-Outbound-Node: rcdn-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/tOGENzBhtEUjxmvrTzgjVj92j-g>
Subject: [Pce] FW: [Lsr] WG Last Call for IGP extension for PCEP security capability support in the PCE discovery - draft-ietf-lsr-pce-discovery-security-support-05
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2021 18:57:19 -0000

Forwarding comments to PCE list…
Thanks,
Acee

From: Acee Lindem <acee@cisco.com>
Date: Thursday, July 22, 2021 at 11:11 AM
To: "Acee Lindem (acee)" <acee=40cisco.com@dmarc.ietf.org>, "lsr@ietf.org" <lsr@ietf.org>
Cc: "draft-ietf-lsr-pce-discovery-security-support@ietf.org" <draft-ietf-lsr-pce-discovery-security-support@ietf.org>
Subject: Re: [Lsr] WG Last Call for IGP extension for PCEP security capability support in the PCE discovery - draft-ietf-lsr-pce-discovery-security-support-05

Speaking as a WG member, I support publication.

I only have one functional comment and that is on Appendix A. Note that a key-chain or key-id would be useful for MD5 as well as TLS and TCP-AO. I’m not suggesting that you add MD5 since it is historic but support of MD5 as specified in RFC 5440 would require configuration of the same key or key-chain on the PCC and PCE server.

I also have some editorial comments that you can decide whether or not to apply. Of note are that I don’t think you need to say “looking for connecting with a” and can simply say “looking for a”. Also, once this document is published the capability bits and sub-TLVs are not longer “new”.

See full set of editorial comments in attached RFC diff.

Thanks,
Acee


From: Lsr <lsr-bounces@ietf.org> on behalf of "Acee Lindem (acee)" <acee=40cisco.com@dmarc.ietf.org>
Date: Wednesday, July 21, 2021 at 12:46 PM
To: "lsr@ietf.org" <lsr@ietf.org>
Cc: "draft-ietf-lsr-pce-discovery-security-support@ietf.org" <draft-ietf-lsr-pce-discovery-security-support@ietf.org>
Subject: [Lsr] WG Last Call for IGP extension for PCEP security capability support in the PCE discovery - draft-ietf-lsr-pce-discovery-security-support-05

This begins a 3-week WG Last Call, ending on August 4th, 2021, for draft-ietf-lsr-pce-discovery-security-support. Please indicate your support or objection to this list before the end of the WG last call. The longer WG last call is to account for IETF week.

  https://datatracker.ietf.org/doc/draft-ietf-lsr-pce-discovery-security-support/


Thanks,
Acee

v2.23.0 | Report a Bug | By Email