Last Call Review of draft-ietf-pce-wson-routing-wavelength-14
review-ietf-pce-wson-routing-wavelength-14-secdir-lc-harkins-2014-10-30-00

Request Review of draft-ietf-pce-wson-routing-wavelength
Requested rev. no specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-10-27
Requested 2014-10-16
Other Reviews Genart Last Call review of -14 by Robert Sparks (diff)
Genart Telechat review of -14 by Robert Sparks (diff)
Genart Telechat review of -15 by Robert Sparks
Review State Completed
Reviewer Dan Harkins
Review review-ietf-pce-wson-routing-wavelength-14-secdir-lc-harkins-2014-10-30
Posted at https://www.ietf.org/mail-archive/web/secdir/current/msg05186.html
Reviewed rev. 14 (document currently at 15)
Review result Has Nits
Draft last updated 2014-10-30
Review completed: 2014-10-30

Review
review-ietf-pce-wson-routing-wavelength-14-secdir-lc-harkins-2014-10-30

  Hello,

  I have reviewed draft-ietf-pce-wson-routing-wavelength as part of
the security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors. Document editors and
WG chairs should treat  these comments just like any other last call
comments.

  This is a requirements document for additions to the PCEP protocol
to support path computation in a wavelength-switched optical
network. It describes what needs to be added to requests/responses
to support routing and wavelength assignment to a path computation
element (that supports both functions) for a path computation client.

  The security considerations are basically a punt. There's information
that an operator may not want to disclose and "[c]onsideration should
be given to securing this information." That seems a little thin. At the
very least some explanation of how this should be done. Do only the
TLVs that represent these required additions require confidentiality?
Is KARP a potential solution to this problem? If so it might be nice to
explain that; if not, then why and what else would be required?

  It is a well-organized and well-written document. I would say it
is "ready with nits", my nits being the thinness of the Security
Consideration section.

  regards,

  Dan.