Re: [Teas] Eric Rescorla's No Objection on draft-ietf-teas-lsp-diversity-08: (with COMMENT)
"Adrian Farrel" <adrian@olddog.co.uk> Tue, 31 October 2017 18:17 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07A4D13FA3E; Tue, 31 Oct 2017 11:17:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.609
X-Spam-Level:
X-Spam-Status: No, score=-2.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uaT19qq2Tz-Q; Tue, 31 Oct 2017 11:17:36 -0700 (PDT)
Received: from asmtp1.iomartmail.com (asmtp1.iomartmail.com [62.128.201.248]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB73B13F516; Tue, 31 Oct 2017 11:17:35 -0700 (PDT)
Received: from asmtp1.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp1.iomartmail.com (8.13.8/8.13.8) with ESMTP id v9VIHX0s029480; Tue, 31 Oct 2017 18:17:33 GMT
Received: from 950129200 (254.196.113.87.dyn.plus.net [87.113.196.254]) (authenticated bits=0) by asmtp1.iomartmail.com (8.13.8/8.13.8) with ESMTP id v9VIHUqZ029419 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 31 Oct 2017 18:17:31 GMT
Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Dieter Beller' <Dieter.Beller@nokia.com>, 'Eric Rescorla' <ekr@rtfm.com>, 'The IESG' <iesg@ietf.org>
Cc: draft-ietf-teas-lsp-diversity@ietf.org, lberger@labn.net, teas-chairs@ietf.org, teas@ietf.org
References: <150412445206.21557.275657217562057272.idtracker@ietfa.amsl.com> <6536d44e-576c-8c40-48f5-6dc2629fb54b@nokia.com>
In-Reply-To: <6536d44e-576c-8c40-48f5-6dc2629fb54b@nokia.com>
Date: Tue, 31 Oct 2017 18:17:30 -0000
Message-ID: <009001d35274$848ddd10$8da99730$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0091_01D35274.84907520"
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-gb
Thread-Index: AQFvC3nEZhv8wMDNPUa5cflBfkqviQHlISoio7eoLJA=
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1679-8.1.0.1062-23430.002
X-TM-AS-Result: No--17.960-10.0-31-10
X-imss-scan-details: No--17.960-10.0-31-10
X-TMASE-MatchedRID: yebcs53SkkDxlOJuQNHlfeJmMZmLmwx5KVrLOZD1BXQtxWNuz6R5rL2+ Pt89anuupBfJNhZXI7ppTkE8M1UzPUwKALNpgWAb1yMJs9mBCcWEroxSTl8M/bTW1fERaaqiWio bvLavUWLqCA306ady8tW8fQqUeGqspeAIK6XfhPocb7SkSRqdJNZKsq3DGpalqPm/sjj9KBh+DN kCAl6R4xgyYpYqmxrEuIWZmN+TN0+LZFYXB0CRWbtsiy3ZR8MEDYBVKmbeeQMt88jwUkXq9SMOu GtF4L1ENOVZUUCTfWA8MXho6UtjB+ZjHoPEX7J1tT4jIeGRd/VCs7hdHoFFAwkXZTx0qGb54wC3 PCHWrn6w5HIJm0PwB5zq6PrvE6SG0OxuGGtVaG/r/EBmiNuXt13HHpZF/7mwyQtla5G6v/Gcy6b fnmNEWNETMYi/rA7e2T9jSpSUmBTuHXE92Wk6HC4uTw19Klh64FBhMAaXjUxtpkxrR+BG1t9pC/ 8X2GzAbt4OZ/qrGgSbftVQlt3fhUdb73gUDwkXwbRQ2Bpmliq0X0Yw27VuouQ45nVtPqmxrsFU8 Uw5BC6ytmB2/5InT/zxIC9LasqudG57tpB6osSzLD5kmcW6ZCBW9lXcEHZA0ToSvkRVqOZbYToD RWMGWpDQiv0Qe0IxAkhxxowNxQIX8k3r0LX5EJHXKSSl+ScK/AZW18vjv1pyri/EgufZd2AqMCk r6SPvrZlfDIf02Jvz6c8TOd9Ak4RYbh/Eo+XF462sl6NKNzCH7D1bP/FcOhHyswgJ7SqQBpNqUz wLvvcpwCEGTgSxOxoVXDux0y5/NJyAyqAmcb+eAiCmPx4NwGmRqNBHmBve1B0Hk1Q1KyL3PDiXO /tFSRec2mundr022rAJ65zCE4VnzTlZBFe961WxU21KNorfFRFQh/0G7ns=
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/GUQ9VwdTuxp3g0NMGcXXOWMrl64>
Subject: Re: [Teas] Eric Rescorla's No Objection on draft-ietf-teas-lsp-diversity-08: (with COMMENT)
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2017 18:17:39 -0000
Agree with Dieter here. The risk in this case is that a 3rd party could see the path key in flight (control plane or PCEP) and then issue a query to the PCE to expand the key. The protection is that the PCE knows who is allowed to ask for expansion, PCEP is session-based, PCEP security now exists. A From: Teas [mailto:teas-bounces@ietf.org] On Behalf Of Dieter Beller Sent: 31 October 2017 17:58 To: Eric Rescorla; The IESG Cc: draft-ietf-teas-lsp-diversity@ietf.org; lberger@labn.net; teas-chairs@ietf.org; teas@ietf.org Subject: Re: [Teas] Eric Rescorla's No Objection on draft-ietf-teas-lsp-diversity-08: (with COMMENT) Hi Eric, my apologies for the late response - it was difficult for me finding time in the last weeks to address the IESG review comments. Please find the answers to your comments in-line below. Could you please let us know if your comments are adequately addressed. Thanks, Dieter and co-authors On 30.08.2017 22:20, Eric Rescorla wrote: Eric Rescorla has entered the following ballot position for draft-ietf-teas-lsp-diversity-08: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-teas-lsp-diversity/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I'm not sure that the security considerations here are accurate. Specifically, the PAS seems like it might potentially leak information about paths, because if I am able to learn someone else's PAS values, I can tell if they are routed along the same paths as I am. Is that correct? If so, it seems like it might be useful to recommend self-encrypting PAS values so that two identical paths given to separate people have different PAS values. We do not believe that encryption at the UNI is required because the Path key (PCE approach) or the PAS information is not shared between the core network and all edge nodes connected to the core network (see Figure 1). It is assumed that only a particular edge node receives a Path key or PAS information for an LSP that this edge node initiated before requesting another LSP that shall meet certain diversity constraints insid the core network. Path keys and PAS is only meaningful in the context of a pair or several LSPs oriiginating from the same edge node. These LSPs shall meet diversity constraints inside the core network in order to avoid that they will all fail together due to a failure in the core network - a typical failure is a link cut. Moreover, Path key or a PAS are already abstract information and do not allow the edge node to infer any topological information of the core network. Also, it seems like it S 2.3 would be clearer if you factored out the algorithm for processing the XRO values from the differential treatment depending on the L bit. Perhaps you could just have one list and use [SHOULD (L=1), MUST(L=0)] or something? A combined list would be an alternative way to describe the processing rules for the L-flag in section2.3. On the other hand, we believe that nothing is technically wrong with the current description, where two lists are used. So, we would like to keep the description as is.
- [Teas] Eric Rescorla's No Objection on draft-ietf… Eric Rescorla
- Re: [Teas] Eric Rescorla's No Objection on draft-… Dieter Beller
- Re: [Teas] Eric Rescorla's No Objection on draft-… Adrian Farrel