Hi Shivan, Thanks for your review! Document Shepherd here...
On Tue, Oct 11, 2022 at 4:00 AM Shivan Sahib via Datatracker < nore...@ietf.org> wrote: > Reviewer: Shivan Sahib > Review result: Has Nits > > I have reviewed this document as part of the security directorate's > ongoing > effort to review all IETF documents being processed by the IESG. These > comments were written primarily for the benefit of the security area > directors. Document editors and WG chairs should treat these comments just > like any other last call comments. > > The summary of the review is Ready with nits. > > --- > > 1. Section 4 (Advice for Specification of New Flags) seems sparse. There > are a > number of security considerations that apply to LCP extensions (for e.g. > https://www.rfc-editor.org/rfc/rfc8231.html#section-10). It would be > helpful > for this document to mention that there are security considerations > related to > adding new flags that might interact with existing extensions. It would > also be > especially helpful for this document's Security Considerations to > summarize the > security-critical aspects of existing flags so as to help future flag > developers make secure choices. > > I proposed a sentence in the security consideration (see below) I am not sure what you have in mind related to security consideration interaction between new and existing flags. A sentence like this can be added but I am not sure how helpful that is - "They are also expected to discuss any security implications of the additional flags (if any) and their interactions with existing flags." > 2. The Security Considerations section of RFC 8231 says: > > As a general precaution, it is RECOMMENDED that these PCEP extensions > only be activated on authenticated and encrypted sessions across PCEs > and PCCs belonging to the same administrative authority, using > Transport Layer Security (TLS) [PCEPS], as per the recommendations > and best current practices in [RFC7525]. > > Is there any reason we can't provide similar guidance for new LSP extended > flags > How about this -> 9. Security Considerations [RFC8231] sets out security considerations for PCEP when used for communication with a stateful PCE. This document does not change those considerations. For LSP Object processing, see [RFC8231]. The flags for the LSP object and their associated security considerations are specified in [RFC8231], [RFC8281], [RFC8623], and [I-D.ietf-pce-binding-label-sid]. This document provides for future addition of flags in the LSP Object. No additional security issues are raised in this document beyond those that exist in the referenced documents. Note that the [RFC8231] recommends that the stateful PCEP extension are authenticated and encrypted using Transport Layer Security (TLS) [RFC8253], as per the recommendations and best current practices in [RFC7525]. Thoughts? Thanks! Dhruv
_______________________________________________ Pce mailing list Pce@ietf.org https://www.ietf.org/mailman/listinfo/pce
