Hi Suresh,

From: Suresh Krishnan [mailto:[email protected]]
Sent: 03 August 2017 19:29
To: Dhruv Dhody <[email protected]>
Cc: The IESG <[email protected]>; [email protected]; 
[email protected]; [email protected]; [email protected]
Subject: Re: [Pce] Suresh Krishnan's Discuss on draft-ietf-pce-pceps-15: (with 
DISCUSS and COMMENT)

Hi Dhruv,
  Thanks for the quick response.

On Aug 3, 2017, at 9:34 AM, Dhruv Dhody <[email protected]> wrote:

Hi Suresh,


-----Original Message-----
From: Pce [mailto:[email protected]] On Behalf Of Suresh Krishnan
Sent: 03 August 2017 04:11
To: The IESG <[email protected]>
Cc: [email protected]; [email protected]; [email protected]; [email protected]
Subject: [Pce] Suresh Krishnan's Discuss on draft-ietf-pce-pceps-15: (with
DISCUSS and COMMENT)

Suresh Krishnan has entered the following ballot position for
draft-ietf-pce-pceps-15: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-pce-pceps/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

* Section 3.2:

This seems to be overly broad and directly contradicts what is required
by RFC5440.

  A PCEP speaker receiving any other message apart from StartTLS, Open, or
  PCErr as the first message, MUST treat it as an unexpected message
  and reply with a PCErr message with Error-Type set to [TBA2 by IANA]
  (PCEP StartTLS failure) and Error-value set to 2 (reception of any
  other message apart from StartTLS, Open, or PCErr message), and MUST
  close the TCP connection.

According to RFC5440, when a non-Open message is received the PCEP speaker
is required to send a PCErr message with Error-Type 1 ("PCEP session
establishment failure") and Error-value 1 ("reception of an invalid Open
message or a
non Open message"). I think this text needs to be reworded to narrow down
the scope of this error.
[[Dhruv Dhody]] I have updated to  -

  Any message received prior to StartTLS or Open message MUST trigger a
  protocol error condition causing a PCErr message to be sent with
  Error-Type set to [TBA2 by IANA] (PCEP StartTLS failure) and Error-
  value set to 2 (reception of a message apart from StartTLS or Open)
  and MUST close the TCP connection.

As per the wording of RFC5440 and I removed PCErr (which was incorrect).

Excellent.




* The fallback procedure after receiving the error code 4 needs to be
clarified. Is the response 4 remembered for future connections or is it
only limited to a single attempt immediately after the TLS connection
establishment failure? I.e., after falling back, does the client ever try
to establish a secure connection again?

[[Dhruv Dhody]] Agreed, I have updated to -

  o  4 (ok without TLS) if it is willing to exchange PCEP messages
     without the solicited TLS connection, and it MUST close the TCP
     session.  The receiver MAY choose to attempt to re-establish the
     PCEP session without TLS next.  This attempt SHOULD be limited to
     only once.

Sounds good. There is also some other text in this section that also needs some 
reworking.

   A PCEP speaker that supports PCEPS but
   has previously already learned the peer willingness to reestablish
   session without TLS, MAY send the Open message directly

Remembering this only once sounds like the right thing to me.


[[Dhruv Dhody]] Updated to -

   A PCEP speaker that supports PCEPS but
   has learned in the last exchange, the peer's willingness to
   reestablish session without TLS, MAY send the Open message directly,
   as per [RFC5440].  The attempt to re-establish the PCEP session
   without TLS SHOULD be limited to only once.

Thanks!
Dhruv



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

* Section 3.2:

This sentence needs to be reworded

s/If a PCE that supports PCEPS connection/If a PCE supports PCEPS
connection/

[[Dhruv Dhody]] Ack.


Great. I will clear as soon as the new revision posts.

Regards
Suresh
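
An added example, not part of the thread or of the draft: one reading of the "limited to only once" fallback discussed above, where an "ok without TLS" reply (Error-value 4) permits exactly one direct Open on the next attempt and later attempts go back to StartTLS. FallbackPolicy, simulate, the peer names and the reply sequences are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Error-value quoted in the thread; its Error-Type is still "TBA2 by IANA" there.
OK_WITHOUT_TLS = 4


@dataclass
class FallbackPolicy:
    """Per-peer memory of a one-shot permission to skip StartTLS (hypothetical helper)."""
    cleartext_once: set = field(default_factory=set)

    def first_message(self, peer: str) -> str:
        # Consume the permission: it covers only the attempt that directly
        # follows the peer's "ok without TLS" reply, never later sessions.
        if peer in self.cleartext_once:
            self.cleartext_once.discard(peer)
            return "Open"
        return "StartTLS"

    def on_starttls_pcerr(self, peer: str, error_value: int) -> None:
        # Only Error-value 4 grants a fallback; any other value grants nothing.
        if error_value == OK_WITHOUT_TLS:
            self.cleartext_once.add(peer)


def simulate(replies):
    """Run constructed connection attempts and return the first message sent in each.

    replies: list of (peer, error_value or None); None means the attempt did
    not end with a PCErr answering StartTLS.
    """
    policy, sent = FallbackPolicy(), []
    for peer, error_value in replies:
        msg = policy.first_message(peer)
        sent.append((peer, msg))
        # A PCErr answering StartTLS can only occur if StartTLS was sent.
        if msg == "StartTLS" and error_value is not None:
            policy.on_starttls_pcerr(peer, error_value)
    return sent


if __name__ == "__main__":
    # Constructed sequence: the peer answers "ok without TLS" every time.
    for peer, msg in simulate([("pce-a", OK_WITHOUT_TLS)] * 4):
        print(peer, msg)
```

Even a peer that always answers with Error-value 4 is offered StartTLS on every other attempt, so the cleartext fallback never becomes the remembered default.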
