Last Call Review of draft-ietf-pce-pcep-extension-native-ip-34
review-ietf-pce-pcep-extension-native-ip-34-secdir-lc-nystrom-2024-08-21-00
Request | Review of | draft-ietf-pce-pcep-extension-native-ip |
---|---|---|
Requested revision | No specific revision (document currently at 39) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2024-08-20 | |
Requested | 2024-07-29 | |
Authors | Aijun Wang , Boris Khasanov , Sheng Fang , Ren Tan , Chun Zhu | |
I-D last updated | 2024-08-21 | |
Completed reviews |
Opsdir Early review of -29
by Sheng Jiang
(diff)
Secdir Early review of -29 by Ned Smith (diff) Rtgdir Early review of -23 by Ines Robles (diff) Genart Last Call review of -32 by Mallory Knodel (diff) Secdir Last Call review of -34 by Magnus Nyström (diff) Secdir Telechat review of -36 by Magnus Nyström (diff) |
|
Assignment | Reviewer | Magnus Nyström |
State | Completed | |
Request | Last Call review on draft-ietf-pce-pcep-extension-native-ip by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/3dP-hJRErQ21P3j1IJ3X-GJa7bg | |
Reviewed revision | 34 (document currently at 39) | |
Result | Has nits | |
Completed | 2024-08-21 |
review-ietf-pce-pcep-extension-native-ip-34-secdir-lc-nystrom-2024-08-21-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other comments. - It is clear that Section 10 and Section 11 are intended to be normative since they contain capitalized keywords (e.g., "SHOULD"). However, it is not clear to me if Section 9 is intended to be normative or informative. There are several lower-case "should" in Section 9 which makes me suspect that the Section is informative, but would be good to clarify. - Security Considerations: This section contains the following text: "To prevent a bogus PCE from sending harmful messages to the network nodes, the network devices should authenticate the validity of the PCE and ensure a secure communication channel between them. Thus, the mechanisms described in [RFC8253] for the usage of TLS for PCEP and [RFC9050] for malicious PCE should be used." Firstly, did this intend to just say "authenticate the PCE"? I am not sure what "authenticate the validity" means, and it seems that authentication of the PCE should suffice (assuming that it, after having been authenticated, can be identified as a valid PCE)? Secondly, did the second sentence intend to state "... and [RFC9050] for protection against malicious PCEs should be used"? Thirdly, was that last "should" intented to be lower-case (i.e., informative)? Thanks, Magnus