-----Original Message-----
From: Uma Chunduri [mailto:[email protected]]
Sent: August 29, 2014 22:48
To: Qin Wu; [email protected]
Subject: RE: I-D Action: draft-wu-pce-discovery-pceps-support-01.txt
Hi Qin,
In-line
===
>> IMO, keeping separate is good as scope is different in both.
>> I and Diego had a chat offline on this but how this discovery is
>> beneficial as you still operator have to configure AUTH/Security
>> credentials on the nodes.
> [Qin]: I think the importance of this discovery is in the deployments
> which allow multiple choices for security credentials. Without such
> discovery, it leads to unexpected failure or additional message
> exchange is needed to indicate error to PCC using PCErr message.
I can't really imagine nodes will have multiple security credentials provisioned
by operator across all PCCs around for different protocols; e.g., TLS
itself "can" be heavy in terms of auth-config.
[Qin]: What I am saying is in some cases PCE server may support multiple security
mechanisms, e.g., MD, AO, TLS, and PCC wants to discover PCE with each security
mechanism or combination of any two security mechanisms.
However, I see one good possibility of no credentials with both AO and TLS and
then the mechanisms described in draft-wu-pce-discovery-pceps-support-01.txt
can be useful.
[Qin]: Exactly.
We have one unfinished work in KARP
http://tools.ietf.org/html/draft-chunduri-karp-kmp-router-fingerprints-05 where
we precisely address this with fingerprint-based authentication for
TCP-AO/KMP and these procedures can be extendable and applicable to TLS easily
for PCEP (as MD is theoretically obsolete!), discussed offline a few months ago.
Auto discovery mechanisms eventually will be really helpful only when we have
these mechanisms in place perhaps.
[Qin]: Interesting. Thanks for valuable information.
--
Uma C.
_______________________________________________
Pce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/pce