Skip to main content

Last Call Review of draft-ietf-pce-pcep-stateful-pce-gmpls-21
review-ietf-pce-pcep-stateful-pce-gmpls-21-secdir-lc-petrov-2023-05-30-00

Request Review of draft-ietf-pce-pcep-stateful-pce-gmpls
Requested revision No specific revision (document currently at 23)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-05-29
Requested 2023-05-15
Authors Young Lee , Haomian Zheng , Oscar Gonzalez de Dios , Victor Lopez , Zafar Ali
I-D last updated 2023-05-30
Completed reviews Genart Last Call review of -21 by Stewart Bryant (diff)
Secdir Last Call review of -21 by Ivaylo Petrov (diff)
Opsdir Telechat review of -22 by Susan Hares (diff)
Rtgdir Early review of -19 by Susan Hares (diff)
Assignment Reviewer Ivaylo Petrov
State Completed
Request Last Call review on draft-ietf-pce-pcep-stateful-pce-gmpls by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/6wSUeRs4U0XNEu3qDyyF7NjHyrg
Reviewed revision 21 (document currently at 23)
Result Has nits
Completed 2023-05-30
review-ietf-pce-pcep-stateful-pce-gmpls-21-secdir-lc-petrov-2023-05-30-00
Reviewer: Ivaylo Petrov
Review result: Has Nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

For context, I don't have prior experience with PCEP. From my reading of
the document, the extensions added to enable the usage of a stateful PCE
capability in GMPLS-controlled networks did not add new attack surfaces
and all relevant security considerations were provided.

Nits:

- Sec 7.3, the first sentence reads confusing to me. Please consider
reformulating it. - Sec 11

   > The secure transport of PCEP specified in [RFC8253]
   > allows the usage of Transport Layer Security (TLS).  The same can
   > also be used by the PCEP extension defined in this document.

  this leaves the feeling that the use of TLS is optional, while I believe the
  intention here is to say that it's recommended and RFC8253 provides more
  details of how to implement that. Please reformulate this.