Updates to the Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)

Updates to the Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP) Huawei

dhruv.ietf@gmail.com

sn3rd

sean@sn3rd.com

Vigil Security, LLC

516 Dranesville Road Herndon VA 20170 United States of America housley@vigilsec.com

RTG pce PCEP PCEPS TLS 1.3 TLS 1.2 Early Data 0-RTT Section 3.4 of RFC 8253 specifies TLS connection establishment restrictions for PCEPS; PCEPS refers to usage of TLS to provide a secure transport for the Path Computation Element Communication Protocol (PCEP). This document adds restrictions to specify what PCEPS implementations do if they support more than one version of the TLS protocol and to restrict the use of TLS 1.3's early data.

Introduction specifies TLS connection establishment restrictions for PCEPS; PCEPS refers to usage of TLS to provide a secure transport for the Path Computation Element Communication Protocol (PCEP) . This document adds restrictions to specify what PCEPS implementations do if they support more than one version of the TLS protocol, e.g., TLS 1.2 and TLS 1.3 , and to restrict the use of TLS 1.3's early data, which is also known as 0-RTT data. All other provisions set forth in are unchanged, including connection initiation, message framing, connection closure, certificate validation, peer identity, and failure handling.

Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

TLS Connection Establishment Restrictions Step 1 in includes restrictions on PCEPS TLS connection establishment. This document adds the following restrictions:

Implementations that support multiple versions of the TLS protocol MUST prefer to negotiate the latest version of the TLS protocol; see .
PCEPS implementations that support TLS 1.3 or later MUST NOT use early data.

Security Considerations The security considerations of PCEP , TLS 1.2 , TLS 1.3 , and TLS&wj;/DTLS recommendations apply here as well.

IANA Considerations This document has no IANA actions.

References Normative References The Transport Layer Security (TLS) Protocol Version 1.3 Independent Informative References

Acknowledgments We would like to thank , , , and for their review.