Re: [secdir] Review of draft-ietf-pce-lsp-setup-type-08
Jonathan Hardwick <Jonathan.Hardwick@metaswitch.com> Mon, 05 March 2018 13:26 UTC
From: Jonathan Hardwick <Jonathan.Hardwick@metaswitch.com>
To: Shawn Emery <shawn.emery@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-pce-lsp-setup-type.all@tools.ietf.org" <draft-ietf-pce-lsp-setup-type.all@tools.ietf.org>
Date: Mon, 05 Mar 2018 13:26:08 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/7HHiV6VFgc6lGC02cYwG4bMaKEA>

Thanks for the comments, Shawn. I agree with your mark-ups below and will make sure they are updated in the next revision.

Best regards
Jon

From: Shawn Emery [mailto:shawn.emery@gmail.com]
Sent: 04 March 2018 07:38
To: secdir@ietf.org; draft-ietf-pce-lsp-setup-type.all@tools.ietf.org
Subject: Review of draft-ietf-pce-lsp-setup-type-08

Reviewer: Shawn M Emery
Review result: Ready with nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft specifies an extension to the Path Computation Element communication Protocol (PCEP) that allows for different path setup methods for a given session.

The security considerations section does exist and defers security aspects related to this draft to RFC 5440 and 8281. I agree with this assertion. I believe that the base specifications cover the security concerns and ways to mitigate sufficiently for this protocol. It was also good to see that PCEP is developing security as a forethought [RFC 8253].

General comments:

None.

Editorial comments:

s/A Path Computation Element can/A Path Computation Element (PCE) can/
s/extension to PCEP/extension to the PCE communication Protocol (PCEP)/
s/be able take control/be able to take control/

Shawn.