[Pce] RtgDir review: draft-ietf-pce-pceps-12
Dan Frost <frost@mm.st> Thu, 11 May 2017 13:34 UTC
Return-Path: <frost@mm.st>
X-Original-To: pce@ietfa.amsl.com
Delivered-To: pce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAFC312EE46; Thu, 11 May 2017 06:34:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mm.st header.b=cAtkwAPl; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=pXlASUJz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HNJs26b918RQ; Thu, 11 May 2017 06:34:00 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2B0912EBFE; Thu, 11 May 2017 06:31:05 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 36EF120AC3; Thu, 11 May 2017 09:31:05 -0400 (EDT)
Received: from web5 ([10.202.2.215]) by compute6.internal (MEProxy); Thu, 11 May 2017 09:31:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mm.st; h=cc :content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=h4AjGDF5FSlDtB/R7CAKaA1O2uzgpcSiPcVTP1B8OYc=; b=cAtkwAPl EfnVpW8NItd2xJCq70Cy9X6fT+zQOlFhJCA8OOEGvV3mFeWYqpGVb9zzjm2AytIY 6f+YPDcsAkpNQAkGyq0f5jMjiOYrrnDKe+UhAWT7MmvHFFU9pGSp0XfZb/RYY2OQ JGJTmzvx8aiCf+ybsYAXl2o01waKRz0y/XyhL3lsbVIpjwI3XWFJcFfrOh8trSSW cJcI08iBTzA2ZM2wlDIUEFl6o6AFs1pqTCUJ2Qno367CszQVFNVCZQO7hniG/VPL fj1I4OCaJX9VmbhT0RKIRI5MkLARk1TRTiIzDijQs/MCAWxiXwp5zb6r3Rj3crkH DO+KqhkvzTx4tg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=h4AjGDF5FSlDtB/R7CAKaA1O2uzgp cSiPcVTP1B8OYc=; b=pXlASUJzDSpR2/CUjEBQErJusC+nj1xk6IaVMe+l+9u8a GDMj1Igy9eLNoOEG3GkItL50di0c1B5CzfMUPgeqIw8c6ePMP6BM8pQI7iogsS7Y khpO8syX/kTJbZ0/e7pXrVcpITzZ2mqPvQdF95E2DfbqSlKur/gLQs6mRl9SexvT AZO6huclnPfOcnPfM5/o0z/Y1u1XRjkO+qe8vHWTo778DMvUukKZyp1BzDDcxRuN 6wJpLbQ7ZqPc6hziZGR0+KGm+yrH29SEdZ92RscUYlLyZJH1WSTc0K5FhmamTAO3 lkpFw80r3TH5hgfDPULlo+WAe6AGM4h7ho7O+7V5w==
X-ME-Sender: <xms:mWcUWegSb07Gskw2_l5zOOz6TP4w7dHz9bfNotV2U3pTDCMoSZ20Cw>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 039BC9E259; Thu, 11 May 2017 09:31:04 -0400 (EDT)
Message-Id: <1494509464.34491.973270680.4CBC76C2@webmail.messagingengine.com>
From: Dan Frost <frost@mm.st>
To: rtg-ads@ietf.org
Cc: rtg-dir@ietf.org, draft-ietf-pce-pceps.all@ietf.org, pce@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-6cc55fe1
Date: Thu, 11 May 2017 14:31:04 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/v8U3favo0ejy23-LqXaMIpF1Tjw>
Subject: [Pce] RtgDir review: draft-ietf-pce-pceps-12
X-BeenThere: pce@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Path Computation Element <pce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pce>, <mailto:pce-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pce/>
List-Post: <mailto:pce@ietf.org>
List-Help: <mailto:pce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pce>, <mailto:pce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 May 2017 13:34:03 -0000
Hello, I have been selected as the Routing Directorate reviewer for this draft. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please see http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft. Document: draft-ietf-pce-pceps-12 Reviewer: Dan Frost Review Date: 2017-05-11 IETF LC End Date: Intended Status: Standards Track Summary: I have significant concerns about this document and recommend that the Routing ADs discuss these issues further with the authors. Comments: This document proposes to add a STARTTLS mechanism to the PCE protocol. If this basic approach is accepted, then the document is in good shape. It's clear, complete, and straightforward. The question is whether mandating STARTTLS is actually a good idea. Major Issues: My main concern with this document is that it takes as given that STARTTLS is the right way to secure PCEP with TLS. Perhaps this argument was already had at some point and this draft is the result, but if so then at a bare minimum it needs rationale explaining why STARTTLS was chosen over alternatives, and text that addresses weaknesses and mitigations associated with STARTTLS processing, in particular the possibility and relative ease of downgrade attacks. The obvious alternative would be to not use STARTTLS and simply allocate another TCP port for PCEP-over-TLS. This avoids complicating the PCE protocol and introducing the potential for downgrade attacks based on STARTTLS. PCE is used to convey critical path-determination information in carrier networks, among other things. That it's not fully authenticated and encrypted in all cases already is an unfortunate legacy of a bygone era. Ideally operators should move as quickly as possible to secure PCEP and aim to entirely remove the unsecure form. STARTTLS serves a weaker goal of "opportunistic" security, which, while it has its uses, makes little sense for PCE compared to simply deprecating the unsecured version. Minor Issues: * Section 3.3: "A RECOMMENDED value for StartTLSWait timer is 60 seconds." This seems like a very long time to wait for an initial reply on an already-established TCP connection. * Section 3.2, fifth paragraph (beginning with "A PCEP speaker receiving..."): This paragraph states: "A PCEP speaker receiving any other message apart from StartTLS, open, or PCErr MUST treat it as an unexpected message..." As written this is confusing and seems to imply that no other PCEP messages can ever be sent. It looks like this is meant to be scoped to the context of the first message sent/received on session initiation? * Section 8.6 The subsection titles of Section 8 have been taken from Section 8 of RFC 5440, but Section 8.6 here is called "Impact on Network Operations" while in RFC 5440 it's called "Impact on Network Operation". Funnily enough, that final "s" makes a difference. Without it, the section refers to an impact on the functioning of the network itself. With it, it would usually be taken to refer to impact on human operations and management procedures. It looks correct to say that the mechanism of this draft should not significantly impact the functioning of the network. On the other hand, it certainly does impact operations and management procedures, as staff have to develop policies around security requirements for PCEP within the organization, methods for verifying whether device security parameters are configured correctly, checking for unexpected downgrades to insecure sessions, etc. It would be an improvement for the document to address the impact of PCEPS on operational processes. Nits: Sec 3.1, first paragraph: OLD The steps involved in the PCEPS establishment consists of following successive steps: NEW The steps involved in establishing a PCEPS session are as follows: END Sec 3.4, Step 3: s/Any attempt of initiate a TLS/Any attempt to initiate a TLS/ Cheers, -d
- [Pce] RtgDir review: draft-ietf-pce-pceps-12 Dan Frost
- Re: [Pce] RtgDir review: draft-ietf-pce-pceps-12 Dhruv Dhody
- Re: [Pce] [RTG-DIR] RtgDir review: draft-ietf-pce… Adrian Farrel
- Re: [Pce] RtgDir review: draft-ietf-pce-pceps-12 Diego R. Lopez
- Re: [Pce] RtgDir review: draft-ietf-pce-pceps-12 Dhruv Dhody