Re: [Lsr] New Version Notification for draft-wu-lsr-pce-discovery-security-support-00.txt

[Acee Lindem (acee)]

Hi Qin, 

On 8/23/18, 11:03 PM, "Qin Wu"  wrote:

Hi, Folks:
draft-wu-pce-discovery-pceps-support-07 has been resubmitted to LSR as 
draft-wu-lsr-pce-discovery-security-support-00 based on Chairs' suggestion.
https://tools.ietf.org/html/draft-wu-lsr-pce-discovery-security-support-00
This draft define IGP extension for PCEP security support, 
1.TCP AO which has been published as RFC5295.
2.PCEP over TLS which has been published as RFC8253 recently.

One issue raised by chair is shared key support for TCP-AO, how do you get 
shared key?

I guess my point was is that if you are distributing shared keys, you probably 
know whether or not TCP-AO is supported. Having said that, possibly the draft 
should include some sort of key-id for TCP-AO or TLS usage. For example, the 
key-chain name from RFC 8177. We don't need to decide now. 

Thanks,
Acee 


we believe to support TCP-AO, RFC5296 should also be implemented, which 
provide PSK and associated ciphersuit.
Let us know if you have any other opinion?

-Qin
-邮件原件-
发件人: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org] 
发送时间: 2018年8月24日 10:57
收件人: Daniel King; wangzitao; Dhruv Dhody; wangzitao; Diego R. Lopez; Diego 
Lopez; Qin Wu
    主题: New Version Notification for 
draft-wu-lsr-pce-discovery-security-support-00.txt

    
A new version of I-D, draft-wu-lsr-pce-discovery-security-support-00.txt
has been successfully submitted by Qin Wu and posted to the IETF repository.

Name:   draft-wu-lsr-pce-discovery-security-support
Revision:   00
Title:  IGP extension for PCEP security capability support in 
the PCE discovery
Document date:  2018-08-23
Group:  Individual Submission
Pages:  6
URL:
https://www.ietf.org/internet-drafts/draft-wu-lsr-pce-discovery-security-support-00.txt
Status: 
https://datatracker.ietf.org/doc/draft-wu-lsr-pce-discovery-security-support/
Htmlized:   
https://tools.ietf.org/html/draft-wu-lsr-pce-discovery-security-support-00
Htmlized:   
https://datatracker.ietf.org/doc/html/draft-wu-lsr-pce-discovery-security-support


Abstract:
   When a Path Computation Element (PCE) is a Label Switching Router
   (LSR) participating in the Interior Gateway Protocol (IGP), or even a
   server participating in IGP, its presence and path computation
   capabilities can be advertised using IGP flooding.  The IGP
   extensions for PCE discovery (RFC 5088 and RFC 5089) define a method
   to advertise path computation capabilities using IGP flooding for
   OSPF and IS-IS respectively.  However these specifications lack a
   method to advertise PCEP security (e.g., Transport Layer
   Security(TLS),TCP Authentication Option (TCP-AO)) support capability.

   This document proposes new capability flag bits for PCE-CAP-FLAGS
   sub-TLV that can be announced as attribute in the IGP advertisement
   to distribute PCEP security support information.


  


Please note that it may take a couple of minutes from the time of 
submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat



___
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr

Re: [Lsr] New Version Notification for draft-wu-lsr-pce-discovery-security-support-00.txt

[Qin Wu]

Hi, Folks:
draft-wu-pce-discovery-pceps-support-07 has been resubmitted to LSR as 
draft-wu-lsr-pce-discovery-security-support-00 based on Chairs' suggestion.
https://tools.ietf.org/html/draft-wu-lsr-pce-discovery-security-support-00
This draft define IGP extension for PCEP security support, 
1.TCP AO which has been published as RFC5295.
2.PCEP over TLS which has been published as RFC8253 recently.

One issue raised by chair is shared key support for TCP-AO, how do you get 
shared key?
we believe to support TCP-AO, RFC5296 should also be implemented, which provide 
PSK and associated ciphersuit.
Let us know if you have any other opinion?

-Qin
-邮件原件-
发件人: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org] 
发送时间: 2018年8月24日 10:57
收件人: Daniel King; wangzitao; Dhruv Dhody; wangzitao; Diego R. Lopez; Diego 
Lopez; Qin Wu
主题: New Version Notification for 
draft-wu-lsr-pce-discovery-security-support-00.txt


A new version of I-D, draft-wu-lsr-pce-discovery-security-support-00.txt
has been successfully submitted by Qin Wu and posted to the IETF repository.

Name:   draft-wu-lsr-pce-discovery-security-support
Revision:   00
Title:  IGP extension for PCEP security capability support in the PCE 
discovery
Document date:  2018-08-23
Group:  Individual Submission
Pages:  6
URL:
https://www.ietf.org/internet-drafts/draft-wu-lsr-pce-discovery-security-support-00.txt
Status: 
https://datatracker.ietf.org/doc/draft-wu-lsr-pce-discovery-security-support/
Htmlized:   
https://tools.ietf.org/html/draft-wu-lsr-pce-discovery-security-support-00
Htmlized:   
https://datatracker.ietf.org/doc/html/draft-wu-lsr-pce-discovery-security-support


Abstract:
   When a Path Computation Element (PCE) is a Label Switching Router
   (LSR) participating in the Interior Gateway Protocol (IGP), or even a
   server participating in IGP, its presence and path computation
   capabilities can be advertised using IGP flooding.  The IGP
   extensions for PCE discovery (RFC 5088 and RFC 5089) define a method
   to advertise path computation capabilities using IGP flooding for
   OSPF and IS-IS respectively.  However these specifications lack a
   method to advertise PCEP security (e.g., Transport Layer
   Security(TLS),TCP Authentication Option (TCP-AO)) support capability.

   This document proposes new capability flag bits for PCE-CAP-FLAGS
   sub-TLV that can be announced as attribute in the IGP advertisement
   to distribute PCEP security support information.


  


Please note that it may take a couple of minutes from the time of submission 
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

___
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr