Re: [secdir] Secdir last call review of draft-ietf-pce-stateful-hpce-11

"Adrian Farrel" <> Tue, 27 August 2019 22:42 UTC


You had me at the mention of beer.

Actually, that would be a useful conversation both in a PCE context and in a wider SDN context. (Always said that the SDN architecture was missing a bit of security work).

I'd also love us to have some clarity about TCP-AO. It's like we were all told we must use TCP-AO in our protocol specifications as the silver bullet, and now the shiny outer layer has tarnished a bit. But that is worthy of a separate thread.


-----Original Message-----
From: Stephen Farrell via Datatracker <> 
Sent: 27 August 2019 23:32
Subject: Secdir last call review of draft-ietf-pce-stateful-hpce-11

Reviewer: Stephen Farrell
Review result: Has Nits


This draft doesn't define new protocol but rather describes a way to use existing 
PCE stuff in what I guess is a new way. 

The nit I see is the usual, presumably fictional, reference to TCP-AO.  I mean, if
nobody actually does that, why bother? Esp. if you have a TLS option that's (I
hope) less fictional. (Is TLS less fictional for PCEP btw?) OTOH, I guess that
nearly everyone now knows that referring to TCP-AO is just a figleaf to try to keep
security nerds happy, so maybe it's ok that we all suspend disbelief;-( 

Other than that, I did have two questions that occurred to me, but that are by 
no means a reason to hold up this draft - if answers required some action, it'd
almost certainly not be something that'd be fixed here. But I'm still curious:-)

1. Has anyone spent any significant amount of time/effort attempting to 
attack an H-PCE network as a PCEP speaker? (And written that up:-) It 
looks to me like there're enough moving parts here that any real stateful 
hierarchical PCE network could be fairly likely to have interestingly
exploitable problems in the face of such an attacker.

2. I see a reference to SPEAKER-IDENTITY-TLV. I wondered if the 
ability to e.g. use different SubjectAltNames in x.509 certificates
might create the potential for some kind of deliberate or accidental
loops to be created somewhere. 

Again, there's no reason to hold this up to try to answer (or even to
understand) those questions. I'd be happy to chat over a beer with 
someone at IETF106 about 'em as that might be easier than a bunch 
of mail.