Last Call Review of draft-ietf-pce-association-diversity-10
review-ietf-pce-association-diversity-10-secdir-lc-shekh-yusef-2019-10-13-00

Request Review of draft-ietf-pce-association-diversity
Requested rev. no specific revision (document currently at 12)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-10-18
Requested 2019-10-04
Authors Stephane Litkowski, Siva Sivabalan, Colby Barth, Mahendra Negi
Draft last updated 2019-10-13
Completed reviews Rtgdir Last Call review of -08 by Emmanuel Baccelli (diff)
Secdir Last Call review of -10 by Rifaat Shekh-Yusef (diff)
Genart Last Call review of -10 by Dale Worley (diff)
Assignment Reviewer Rifaat Shekh-Yusef
State Completed
Review review-ietf-pce-association-diversity-10-secdir-lc-shekh-yusef-2019-10-13
Posted at https://mailarchive.ietf.org/arch/msg/secdir/kdE6B4THz388JyP-t8RSI_O9t7s
Reviewed rev. 10 (document currently at 12)
Review result Ready
Review completed: 2019-10-13

Review
review-ietf-pce-association-diversity-10-secdir-lc-shekh-yusef-2019-10-13

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The summary of the review is Ready.

This document adds new extension to the PCEP protocol to allow a PCC 
to request the PCE to make sure that an LSP belongs to a disjoint group.

The PCEP is an existing protocol with well-defined security properties, 
and this document builds on that. The security section discusses the 
consequences if this new mechanism is abused and the attacker is able 
to inject a fake LSP into a disjoint group. The security section also 
discusses the potential leak of non-sensitive information and the fact 
that this new mechanism could make it easier on the attacker to obtain 
this information if the protocol is not secured properly.

The document this recommends the use of TLS to secure the interface between 
the PCC and the PCE to address the above potential issues.