[Pce] Roman Danyliw's Discuss on draft-ietf-pce-stateful-hpce-13: (with DISCUSS and COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 18 September 2019 14:15 UTC

From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-pce-stateful-hpce@ietf.org, Adrian Farrel <adrian@olddog.co.uk>, pce-chairs@ietf.org, adrian@olddog.co.uk, pce@ietf.org
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <156881612137.4479.15191325652251719065.idtracker@ietfa.amsl.com>
Date: Wed, 18 Sep 2019 07:15:21 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/v35iMJLmB4wpDL74EcXvQ--ksFk>
Subject: [Pce] Roman Danyliw's Discuss on draft-ietf-pce-stateful-hpce-13: (with DISCUSS and COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-pce-stateful-hpce-13: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-pce-stateful-hpce/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

** Section 4.  Per “The security considerations listed in [RFC8231], [RFC6805]
and [RFC5440] apply to this document as well. As per [RFC6805], it is expected
that the parent PCE will require all child PCEs to use full security when
communicating with the parent.”, the references make sense, thanks for making
them.  My concern is in the definition of “use full security”.  I can see those
words come from RFC6805, however, I can't find where that set of practices is
defined.  Can this please be clarified?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 4.  Per the recommendation to use TLS _or_ TCP-AO.
-- I take the point from the SECDIR (thanks Stephen Farrell) about the (lack
of) deployment of AO.  My caution would be that TLS and TCP-AO provide
different security mechanisms and therefore imbue different security properties
and this should be noted. (i.e., this isn’t a choice between like options)

-- As an editorial nit, it would be worth saying that guidance for implementing
using TLS with PCEP can be found in RFC8232.

** Editorial Nits:
Title.  Is the period at the end of the title necessary?