Last Call Review of draft-ietf-pce-vn-association-11
review-ietf-pce-vn-association-11-secdir-lc-reddyk-2022-10-30-00
Request | Review of | draft-ietf-pce-vn-association |
---|---|---|
Requested revision | No specific revision (document currently at 11) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2022-10-13 | |
Requested | 2022-09-29 | |
Authors | Young Lee, Haomian Zheng, Daniele Ceccarelli | |
I-D last updated | 2022-10-30 | |
Completed reviews | Rtgdir Early review of -08 by He Jia; Secdir Last Call review of -11 by Tirumaleswar Reddy.K; Genart Last Call review of -09 by Meral Shirazipour | |
Assignment | Reviewer | Tirumaleswar Reddy.K |
State | Completed | |
Request | Last Call review on draft-ietf-pce-vn-association by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/BVT_aEu8-Wksg5R6qFTJY2Lfdls | |
Reviewed revision | 11 | |
Result | Has issues | |
Completed | 2022-10-25 |

Reviewer: Tirumaleswar Reddy
Review result: Ready with issues

I apologize for missing the deadline for this review.

This document relies on [RFC5440], [RFC8231], [RFC8281] and [RFC8697] for security considerations. RFC5440 discusses the use of TCP-MD5 (obsoleted), TCP Authentication Option and TLS 1.2. Further, RFC5440 refers to RFC7525 for TLS recommendations. draft-ietf-pce-vn-association says use of TLS is recommended.

My comments below:

1. Any specific reason for using "SHOULD" instead of using "MUST" for TLS? If TLS is not used in certain scenarios, how is a malicious PCEP speaker detected?

2. Do you see any challenges encouraging the use of TLS 1.3?

3. You may want to make it clear that this document does not rely on TCP-MD5.

4. If existing implementations are using TLS 1.2, I suggest referring to the recommendations in draft-ietf-uta-rfc7525bis instead of rfc7525. Please see Appendix A in draft-ietf-uta-rfc7525bis; it highlights the differences with rfc7525.

Cheers,
-Tiru