Hi Qin,
In-line
===
>>IMO, keeping separate is good as scope is different in both.
>>I and Diego had chat offline on this but how this discovery is
beneficial as you still operator
>>have to configure AUTH/Security credentials on the nodes.
>[Qin]: I think the importance of this discovery is in the deployments
which allow multiple
> choices for security credentials. without such discovery, it leads to
unexpected failure or
>additional message exchange is needed to indicate error to PCC using
PCErr message.
I can't really imagine nodes will have multiple security credential provisioned
by operator across all PCCs around for different protocols; for e.g., TLS
itself "can" be heavy in terms of auth-config.
However, I see one good possibility of no credentials with both AO and TLS and
then the mechanisms described in draft-wu-pce-discovery-pceps-support-01.txt
can be useful.
We have one unfinished work in KARP
http://tools.ietf.org/html/draft-chunduri-karp-kmp-router-fingerprints-05 where
we precisely address this with finger prints based authentication for
TCP-AO/KMP and these procedures can be extendable and applicable to TLS easily
for PCEP (as MD is theoretically obsolete!), discussed offline few months ago.
Auto discovery mechanisms eventually will be really helpful only when we have
these mechanisms in place perhaps.
--
Uma C.
_______________________________________________
Pce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/pce
