Skip to main content

Last Call Review of draft-ietf-pce-pcep-extension-native-ip-34
review-ietf-pce-pcep-extension-native-ip-34-secdir-lc-nystrom-2024-08-21-00

Request Review of draft-ietf-pce-pcep-extension-native-ip
Requested revision No specific revision (document currently at 39)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-08-20
Requested 2024-07-29
Authors Aijun Wang , Boris Khasanov , Sheng Fang , Ren Tan , Chun Zhu
I-D last updated 2024-08-21
Completed reviews Opsdir Early review of -29 by Sheng Jiang (diff)
Secdir Early review of -29 by Ned Smith (diff)
Rtgdir Early review of -23 by Ines Robles (diff)
Genart Last Call review of -32 by Mallory Knodel (diff)
Secdir Last Call review of -34 by Magnus Nyström (diff)
Secdir Telechat review of -36 by Magnus Nyström (diff)
Assignment Reviewer Magnus Nyström
State Completed
Request Last Call review on draft-ietf-pce-pcep-extension-native-ip by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/3dP-hJRErQ21P3j1IJ3X-GJa7bg
Reviewed revision 34 (document currently at 39)
Result Has nits
Completed 2024-08-21
review-ietf-pce-pcep-extension-native-ip-34-secdir-lc-nystrom-2024-08-21-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. 
Document editors and WG chairs should treat these comments just like any other
comments.

- It is clear that Section 10 and Section 11 are intended to be normative since
they contain capitalized keywords (e.g., "SHOULD"). However, it is not clear to
me if Section 9 is intended to be normative or informative. There are several
lower-case "should" in Section 9 which makes me suspect that the Section is
informative, but would be good to clarify.

- Security Considerations: This section contains the following text: "To
prevent a bogus PCE from sending harmful messages to the network nodes, the
network devices should authenticate the validity of the PCE and ensure a secure
communication channel between them.  Thus, the mechanisms described in
[RFC8253] for the usage of TLS for PCEP and [RFC9050] for malicious PCE should
be used." Firstly, did this intend to just say "authenticate the PCE"? I am not
sure what "authenticate the validity" means, and it seems that authentication
of the PCE should suffice (assuming that it, after having been authenticated,
can be identified as a valid PCE)? Secondly, did the second sentence intend to
state "... and [RFC9050] for protection against malicious PCEs should be used"?
Thirdly, was that last "should" intented to be lower-case (i.e., informative)?

Thanks,
Magnus