Skip to main content

Last Call Review of draft-ietf-pce-lsp-extended-flags-05

Request Review of draft-ietf-pce-lsp-extended-flags
Requested revision No specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2022-10-11
Requested 2022-09-27
Authors Quan Xiong
I-D last updated 2022-10-10
Completed reviews Rtgdir Early review of -03 by Jonathan Hardwick (diff)
Opsdir Last Call review of -05 by Bo Wu (diff)
Genart Last Call review of -05 by Roni Even (diff)
Secdir Last Call review of -05 by Shivan Kaul Sahib (diff)
Dnsdir Last Call review of -07 by Andrew Campling (diff)
Assignment Reviewer Shivan Kaul Sahib
State Completed
Request Last Call review on draft-ietf-pce-lsp-extended-flags by Security Area Directorate Assigned
Posted at
Reviewed revision 05 (document currently at 09)
Result Has nits
Completed 2022-10-10
I have reviewed this document as part of the security directorate's  ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the  security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is Ready with nits.


1. Section 4 (Advice for Specification of New Flags) seems sparse. There are a
number of security considerations that apply to LCP extensions (for e.g. It would be helpful
for this document to mention that there are security considerations related to
adding new flags that might interact with existing extensions. It would also be
especially helpful for this document's Security Considerations to summarize the
security-critical aspects of existing flags so as to help future flag
developers make secure choices.

2. The Security Considerations section of RFC 8231 says:

As a general precaution, it is RECOMMENDED that these PCEP extensions
   only be activated on authenticated and encrypted sessions across PCEs
   and PCCs belonging to the same administrative authority, using
   Transport Layer Security (TLS) [PCEPS], as per the recommendations
   and best current practices in [RFC7525].

Is there any reason we can't provide similar guidance for new LSP extended