Last Call Review of draft-ietf-lsr-pce-discovery-security-support-05
review-ietf-lsr-pce-discovery-security-support-05-secdir-lc-sheffer-2021-08-05-00
Request | Review of | draft-ietf-lsr-pce-discovery-security-support |
---|---|---|
Requested revision | No specific revision (document currently at 13) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2021-08-11 | |
Requested | 2021-07-21 | |
Requested by | Acee Lindem | |
Authors | Diego Lopez , Qin Wu , Dhruv Dhody , Qiufang Ma , Daniel King | |
I-D last updated | 2021-08-05 | |
Completed reviews |
Secdir Last Call review of -05
by Yaron Sheffer
(diff)
Rtgdir Last Call review of -05 by Ron Bonica (diff) Opsdir Last Call review of -10 by Will (Shucheng) LIU (diff) Intdir Telechat review of -12 by Carlos Pignataro (diff) Opsdir Telechat review of -13 by Will (Shucheng) LIU |
|
Assignment | Reviewer | Yaron Sheffer |
State | Completed | |
Request | Last Call review on draft-ietf-lsr-pce-discovery-security-support by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/cug-yYz47ts3yov8921GAb_ul4I | |
Reviewed revision | 05 (document currently at 13) | |
Result | Not ready | |
Completed | 2021-08-05 |
review-ietf-lsr-pce-discovery-security-support-05-secdir-lc-sheffer-2021-08-05-00
This document defines a mechanism (a TLV) to advertise the PCE Protocol security required (use of TCP-AO and its key ID, or alternatively use of TLS) within the routing protocol being used. * Sec. 3.1: I don't understand why "SHOULD advertise" and not MUST. Especially given the strict client behavior defined later. * Sec. 3.1: should we also say something about the case where both methods are advertised, and whether we recommend for the client to use one of them over the other? * Sec. 4: typo (appears twice) - "to be carried in the PCED TLV of the for use". * Sec. 7: this phrase appears to be essential to security of this mechanism: "it MUST be insured that the IGP is protected for authentication and integrity of the PCED TLV". I would expect more guidance: how can this property be ensured in the relevant IGPs? * Also, a possibly unintended consequence of this requirement is that if the IGP cannot be protected in a particular deployment/product, this mechanism would not be used. Please consider if this is likely to happen and whether we want to forego PCEP transport security in such cases. My gut feel (not based on experience in such networks) is that the threat models are different enough that we should decouple the security of IGP from that of PCEP.