Re: [secdir] secdir review of draft-ietf-pce-wson-routing-wavelength-14

Leeyoung <leeyoung@huawei.com> Tue, 28 October 2014 16:29 UTC

From: Leeyoung <leeyoung@huawei.com>
To: Dan Harkins <dharkins@lounge.org>
Date: Tue, 28 Oct 2014 16:28:50 +0000
Message-ID: <7AEB3D6833318045B4AE71C2C87E8E1729C41411@dfweml706-chm>
References: <28335d401a6c792d0259a03c5767c1dc.squirrel@www.trepanning.net> <7AEB3D6833318045B4AE71C2C87E8E1729C41344@dfweml706-chm> <946399d78e1b4a6e8d2a1b6df04dd66c.squirrel@www.trepanning.net>
In-Reply-To: <946399d78e1b4a6e8d2a1b6df04dd66c.squirrel@www.trepanning.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/lua0K6qg0ewmnq1XQRws6pL26XY
Cc: "draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org" <draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-pce-wson-routing-wavelength-14

Hi Dan,

Thanks. We will address PCEP security mechanisms in the solution draft. We will also factor in Oscar's suggestion in this thread.

Best regards,
Young

-----Original Message-----
From: Dan Harkins [mailto:dharkins@lounge.org] 
Sent: Tuesday, October 28, 2014 11:25 AM
To: Leeyoung
Cc: iesg@ietf.org; secdir@ietf.org; draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org
Subject: RE: secdir review of draft-ietf-pce-wson-routing-wavelength-14


  Hi Young,

On Tue, October 28, 2014 8:50 am, Leeyoung wrote:
> Hi Dan,
>
> Thanks a lot for your review and providing comments.
>
> Would the following work for you in Security Section to add:
>
> "Solutions that address the requirements in this document need to 
> verify that existing PCEP security mechanisms adequately protect the 
> additional network capabilities and must include new mechanisms as necessary."

  Yes, that's fine. Adrian had a good point (it's a requirements document) and this puts the requirements where they should be-- on the solution that addresses the requirements.

  thanks,

  Dan.

> Best regards,
> Young
>
> -----Original Message-----
> From: Dan Harkins [mailto:dharkins@lounge.org]
> Sent: Monday, October 27, 2014 12:04 PM
> To: iesg@ietf.org; secdir@ietf.org;
> draft-ietf-pce-wson-routing-wavelength.all@tools.ietf.org
> Subject: secdir review of draft-ietf-pce-wson-routing-wavelength-14
>
>
>   Hello,
>
>   I have reviewed draft-ietf-pce-wson-routing-wavelength as part of 
> the security directorate's ongoing effort to review all IETF documents 
> being processed by the IESG.  These comments were written primarily 
> for the benefit of the security area directors. Document editors and 
> WG chairs should treat these comments just like any other last call comments.
>
>   This is a requirements document for additions to the PCEP protocol 
> to support path computation in a wavelength-switched optical network. 
> It describes what needs to be added to requests/responses to support 
> routing and wavelength assignment to a path computation element (that 
> supports both functions) for a path computation client.
>
>   The security considerations are basically a punt. There's 
> information that an operator may not want to disclose and 
> "[c]onsideration should be given to securing this information." That 
> seems a little thin. At the very least some explanation of how this 
> should be done. Do only the TLVs that represent these required additions require confidentiality?
> Is KARP a potential solution to this problem? If so it might be nice 
> to explain that; if not, then why and what else would be required?
>
>   It is a well-organized and well-written document. I would say it is 
> "ready with nits", my nits being the thinness of the Security 
> Consideration section.
>
>   regards,
>
>   Dan.
>
>
>