Last Call Review of draft-ietf-pce-pcep-flowspec-09
review-ietf-pce-pcep-flowspec-09-secdir-lc-kelly-2020-07-10-00

Request Review of draft-ietf-pce-pcep-flowspec
Requested revision No specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2020-07-06
Requested 2020-06-22
Authors Dhruv Dhody, Adrian Farrel, Zhenbin Li
I-D last updated 2020-07-10
Completed reviews Rtgdir Early review of -05 by Acee Lindem
Tsvart Last Call review of -09 by Dr. Joseph D. Touch
Secdir Last Call review of -09 by Scott G. Kelly
Genart Last Call review of -09 by Roni Even
Assignment Reviewer Scott G. Kelly
State Completed
Request Last Call review on draft-ietf-pce-pcep-flowspec by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/6vW7wAzE0BvAR0QUkwJcwGWR3hU
Reviewed revision 09 (document currently at 13)
Result Ready
Completed 2020-07-05
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

The summary of the review is ready.

From the abstract, "This document specifies a set of extensions to PCEP to
support dissemination of Flow Specifications.  This allows a PCE to indicate
what traffic should be placed on each path that it is aware of."

The security considerations section says that this mechanism has all of the
same security considerations of the underlying PCEP protocol, and that all of
the same security considerations in RFC5440, RFC6952, and RFC8253 apply. It
also mentions some additional privacy considerations, and that order of
installation for overlapping flow specs may have unexpected consequences that
could be exploited by an attacker.

I don't have additional concerns.