Re: [Pce] Alexey Melnikov's Yes on draft-ietf-pce-pceps-15: (with COMMENT)
Dhruv Dhody <dhruv.dhody@huawei.com> Mon, 07 August 2017 14:42 UTC
From: Dhruv Dhody <dhruv.dhody@huawei.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>
CC: "cmargaria@juniper.net" <cmargaria@juniper.net>, "draft-ietf-pce-pceps@ietf.org" <draft-ietf-pce-pceps@ietf.org>, "pce@ietf.org" <pce@ietf.org>, "pce-chairs@ietf.org" <pce-chairs@ietf.org>
Date: Mon, 07 Aug 2017 14:42:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/z37vk3gfpHH4yoC5m_7yEDgthGw>

Hi Alexey,

> -----Original Message-----
> From: Pce [mailto:pce-bounces@ietf.org] On Behalf Of Alexey Melnikov
> Sent: 07 August 2017 16:16
> To: The IESG <iesg@ietf.org>
> Cc: cmargaria@juniper.net; draft-ietf-pce-pceps@ietf.org; pce@ietf.org;
> pce-chairs@ietf.org
> Subject: [Pce] Alexey Melnikov's Yes on draft-ietf-pce-pceps-15: (with
> COMMENT)
>
> Alexey Melnikov has entered the following ballot position for
> draft-ietf-pce-pceps-15: Yes
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pce-pceps/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you for addressing my DISCUSS points and comments.
>
> I think the text about use of RFC 6125 should use RFC 6125 terminology
> like DNS-ID and CN-ID, because they have a bit more semantics associated
> with them other than just subjectAltName:DNS. I think you should also
> clarify whether you want to allow wildcards in DNS-ID/CN-ID (RFC 6125
> talks about that).
>

[[[Dhruv Dhody]]] Ack, updated to -

   + Implementations MUST follow the rules and guidelines for peer
     validation as defined in [RFC6125]. If an expected DNS name or
     IP address for the peer is configured, then the implementations
     MUST check them against the values in the presented certificate.
     The DNS names and the IP addresses can be contained in the CN-ID
     [RFC6125] (Common Name Identifier) or the subjectAltName entries.
     For verification, only one of these entries is considered. The
     following precedence applies: for DNS name validation, DNS-ID
     [RFC6125] has precedence over CN-ID; for IP address validation,
     subjectAltName:iPAddr has precedence over CN-ID.

   + Implementations MAY allow the configuration of a set of
     additional properties of the certificate to check for a peer's
     authorization to communicate (e.g., a set of allowed values in
     URI-ID [RFC6125] or a set of allowed X509v3 Certificate
     Policies). The definition of these properties are out of scope
     of this document.

Regards,
Dhruv

>
> _______________________________________________
> Pce mailing list
> Pce@ietf.org
> https://www.ietf.org/mailman/listinfo/pce
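
The precedence rule in the updated text above, as an added example that is not part of the message or of the draft. It assumes the certificate has already passed chain validation and is in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and sample certificates are hypothetical, and names are matched exactly because the message does not say how the wildcard question is settled.

```python
import ipaddress

# Constructed sample certificates (getpeercert() dict shape); values are made up.
CERT_SAN = {"subject": ((("commonName", "pce1.example.net"),),),
            "subjectAltName": (("DNS", "pce-lab.example.net"),
                               ("IP Address", "192.0.2.10"))}
CERT_CN_ONLY = {"subject": ((("commonName", "pce1.example.net"),),)}

def _san(cert, kind):
    return [v for k, v in cert.get("subjectAltName", ()) if k == kind]

def _cn(cert):
    # subject is a tuple of RDNs, each a tuple of (attribute, value) pairs
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def _same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:              # the CN holds a name, not an address
        return False

def _same_dns(a, b):
    return a.lower() == b.lower()   # exact match only; no wildcards (assumption)

def check_identity(cert, kind, expected):
    """Return (matched, source) for kind 'dns' or 'ip'.

    Only one entry type is considered: the subjectAltName entries of that
    type if the certificate has any, otherwise CN-ID.
    """
    san_kind, same, label = {
        "dns": ("DNS", _same_dns, "DNS-ID"),
        "ip": ("IP Address", _same_ip, "subjectAltName:iPAddr"),
    }[kind]
    values = _san(cert, san_kind)
    if not values:                  # CN-ID is consulted only when no such SAN entry exists
        values, label = _cn(cert), "CN-ID"
    return any(same(v, expected) for v in values), label

def peer_accepted(cert, expected_dns=None, expected_ip=None):
    """Every configured expectation must match; unconfigured ones are not checked."""
    checks = [(k, e) for k, e in (("dns", expected_dns), ("ip", expected_ip)) if e]
    return all(check_identity(cert, k, e)[0] for k, e in checks)
```

A certificate whose CN matches the configured name is still rejected when it carries a non-matching DNS-ID, because the CN-ID is not consulted once a DNS-ID is present.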