Last Call Review of draft-ietf-pce-stateful-path-protection-08
review-ietf-pce-stateful-path-protection-08-secdir-lc-eastlake-2019-09-05-00

I have reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  Document
editors and WG chairs should treat these comments just like any other last
call comments.

The summary of the review is Almost Ready.

This document specifies an extension to the stateful Path Computation
Element Communication Protocol to associate two or more Label Switched
Paths for the purpose of setting up path protection.

This is not at all my area of expertise. The Security Considerations
section primarily refers to the Security Considerations in existing RFCs
and one draft, draft-ietf-pce-association-group (which is already in the
RFC Editor queue). I think these references are pretty thorough and provide
good security coverage and advice with one possible exception. Given that
this document specifies a new facility, it seems likely that a few narrow
sentences would be in order about the damage an adversary could cause by
specifically monkeying with that new facility.

Tiny nits:
In abstract and other places when referring to what this standards track
draft does: "describes" -> "specifies" or "defines"
Draft references draft-ietf-pce-association-diversity-08 when latest
version is -09

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 1424 Pro Shop Court, Davenport, FL 33896 USA
 d3e3e3@gmail.com