Last Call Review of draft-ietf-pce-association-policy-15
review-ietf-pce-association-policy-15-secdir-lc-kelly-2021-01-05-00

Request Review of draft-ietf-pce-association-policy
Requested revision No specific revision (document currently at 16)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2020-12-24
Requested 2020-12-10
Authors Stephane Litkowski, Siva Sivabalan, Jeff Tantsura, Jonathan Hardwick, Cheng Li
I-D last updated 2021-03-29 (Latest revision 2021-01-21)
Completed reviews Rtgdir IETF Last Call review of -13 by Nicolai Leymann
Secdir IETF Last Call review of -15 by Scott G. Kelly
Genart IETF Last Call review of -15 by Vijay K. Gurbani
Assignment Reviewer Scott G. Kelly
State Completed
Request IETF Last Call review on draft-ietf-pce-association-policy by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/1zlTuu8MP29I9w7D003_cDPxFaM
Reviewed revision 15 (document currently at 16)
Result Ready
Completed 2020-12-31
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

The summary of the review is ready.

From the abstract, this document introduces a simple mechanism to associate
policies to a group of Label Switched Paths (LSPs) via an extension to the Path
Computation Element (PCE) Communication Protocol (PCEP).

The security considerations section references security considerations from
RFCs 5394, 5440, 8231, 8281, 8408, and 8697. In addition, it recommends
securing sessions with TLS in accordance with RFCs 8253 and 7525.

Because this protocol extension utilizes TLVs, there is an explicit call for
care in decoding and utilizing these TLVs due to the potential for attack via
malformed payloads.

I'm not a routing expert, but I think the authors have adequately covered
security considerations for this extension.
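
The care in TLV decoding that the review points to, shown as an added example that is not part of the review or of the draft: a bounds-checked walker for the PCEP TLV layout of RFC 5440 (2-byte type, 2-byte length, value padded to 4-byte alignment, padding not counted in the length). The function names, the struct and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* One decoded TLV; value points into the caller's buffer (no copy). */
struct pcep_tlv {
    uint16_t type;
    uint16_t length;       /* value length in bytes, padding excluded */
    const uint8_t *value;
};

/* Constructed samples (type codes are made up): a well-formed 5-byte value
 * with 3 padding bytes, and a TLV whose Length claims more than is present. */
static const uint8_t sample_ok[]  = {0xff,0xf0, 0x00,0x05, 'h','e','l','l','o', 0,0,0};
static const uint8_t sample_bad[] = {0xff,0xf0, 0x00,0x40, 'h','i', 0,0};

/* Decode the TLV at buf[*off] and advance *off past value and padding.
 * Returns 0 on success, -1 if the TLV does not fit in the bytes that remain;
 * nothing beyond the 4-byte header is touched before that check passes. */
int pcep_tlv_next(const uint8_t *buf, size_t len, size_t *off,
                  struct pcep_tlv *out)
{
    if (*off > len || len - *off < 4)
        return -1;                              /* truncated header */
    const uint8_t *p = buf + *off;
    size_t remaining = len - *off - 4;
    uint16_t vlen = (uint16_t)((p[2] << 8) | p[3]);
    size_t padded = ((size_t)vlen + 3u) & ~(size_t)3u;   /* 4-byte alignment */
    if (padded > remaining)
        return -1;                              /* value or padding overruns */
    out->type = (uint16_t)((p[0] << 8) | p[1]);
    out->length = vlen;
    out->value = p + 4;
    *off += 4 + padded;
    return 0;
}

/* Walk a TLV region. Returns the TLV count, or -1 if any TLV is malformed,
 * so the caller rejects the whole object rather than use a partial parse. */
int pcep_tlv_count(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;
    struct pcep_tlv t;
    while (off < len) {
        if (pcep_tlv_next(buf, len, &off, &t) != 0)
            return -1;
        n++;
    }
    return n;
}
```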