Skip to main content

Last Call Review of draft-ietf-pce-lsp-control-request-07

Request Review of draft-ietf-pce-lsp-control-request
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-08-28
Requested 2019-08-14
Authors Aswatnarayan Raghuram , Al Goddard , Jay Karthik , Siva Sivabalan , Mahendra Singh Negi
I-D last updated 2019-08-22
Completed reviews Rtgdir Last Call review of -06 by Tomonori Takeda (diff)
Secdir Last Call review of -07 by Shawn M Emery (diff)
Genart Last Call review of -08 by Francesca Palombini (diff)
Genart Telechat review of -09 by Francesca Palombini (diff)
Assignment Reviewer Shawn M Emery
State Completed
Request Last Call review on draft-ietf-pce-lsp-control-request by Security Area Directorate Assigned
Posted at
Reviewed revision 07 (document currently at 11)
Result Ready
Completed 2019-08-22
Reviewer: Shawn M. Emery
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies an extension to the Path Computation Element
Protocol (PCE) that allows a PCE to request control of Label Switched Paths

The security considerations section does exist and discusses a new DoS
that this draft creates.  The attack involves sending control requests for
control of all of its LSPs to the Path Computation Client (PCC).  The
solution is to set a threshold rate of the delegation requests for the PCC
per PCE.
I agree with the proposed solution, though I don't know if guidance can be
on what these thresholds would be per environment.

The section goes on to refer to RFC 8231 to justify that the PCP extension
be deployed with authenticated and encrypted sessions in TLS using RFC 8253.
I agree with this prescription as well else an attacker would now be able
to take
control over all local LSPs with this extension.  I think that this should
at least be
stated if an attacker is able to compromise a PCE.

General comments:


Editorial comments:

s/sends PCRpt/sends a PCRpt/
s/also specify/also specifies/
s/all its/all of its/
s/If threshold/If the threshold/
s/explicitly set aside/explicitly excluded/