
Last Call Review of draft-ietf-pce-lsp-extended-flags-05
review-ietf-pce-lsp-extended-flags-05-secdir-lc-sahib-2022-10-10-00

Request: Review of draft-ietf-pce-lsp-extended-flags
Requested revision: No specific revision (document currently at 09)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2022-10-11
Requested: 2022-09-27
Authors: Quan Xiong
I-D last updated: 2022-10-10
Completed reviews:
  Rtgdir Early review of -03 by Jonathan Hardwick
  Opsdir Last Call review of -05 by Bo Wu
  Genart Last Call review of -05 by Roni Even
  Secdir Last Call review of -05 by Shivan Kaul Sahib
  Dnsdir Last Call review of -07 by Andrew Campling
Assignment:
  Reviewer: Shivan Kaul Sahib
  State: Completed
  Request: Last Call review on draft-ietf-pce-lsp-extended-flags by Security Area Directorate Assigned
  Posted at: https://mailarchive.ietf.org/arch/msg/secdir/ZgSMgbXODx7ZkN-LwL8waR1JpsY
  Reviewed revision: 05 (document currently at 09)
  Result: Has nits
  Completed: 2022-10-10
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is Ready with nits.

---

1. Section 4 (Advice for Specification of New Flags) seems sparse. There are a
number of security considerations that apply to LCP extensions (e.g.
https://www.rfc-editor.org/rfc/rfc8231.html#section-10). It would be helpful
for this document to mention that there are security considerations related to
adding new flags that might interact with existing extensions. It would also be
especially helpful for this document's Security Considerations to summarize the
security-critical aspects of existing flags so as to help future flag
developers make secure choices.

2. The Security Considerations section of RFC 8231 says:

   As a general precaution, it is RECOMMENDED that these PCEP extensions
   only be activated on authenticated and encrypted sessions across PCEs
   and PCCs belonging to the same administrative authority, using
   Transport Layer Security (TLS) [PCEPS], as per the recommendations
   and best current practices in [RFC7525].

Is there any reason we can't provide similar guidance for new LSP extended
flags?