[Last-Call] Secdir last call review of draft-ietf-pce-lsp-extended-flags-05
Shivan Sahib via Datatracker <noreply@ietf.org> Mon, 10 October 2022 22:30 UTC
From: Shivan Sahib via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: draft-ietf-pce-lsp-extended-flags.all@ietf.org, last-call@ietf.org, pce@ietf.org
Reply-To: Shivan Sahib <shivankaulsahib@gmail.com>
Date: Mon, 10 Oct 2022 15:30:40 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/cv5oHOGfJIwVHvAsQoIw1KJp73E>
Subject: [Last-Call] Secdir last call review of draft-ietf-pce-lsp-extended-flags-05

Reviewer: Shivan Sahib
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with nits.

---

1. Section 4 (Advice for Specification of New Flags) seems sparse. There are a number of security considerations that apply to LCP extensions (for e.g. https://www.rfc-editor.org/rfc/rfc8231.html#section-10). It would be helpful for this document to mention that there are security considerations related to adding new flags that might interact with existing extensions. It would also be especially helpful for this document's Security Considerations to summarize the security-critical aspects of existing flags so as to help future flag developers make secure choices.

2. The Security Considerations section of RFC 8231 says:

   As a general precaution, it is RECOMMENDED that these PCEP extensions only be activated on authenticated and encrypted sessions across PCEs and PCCs belonging to the same administrative authority, using Transport Layer Security (TLS) [PCEPS], as per the recommendations and best current practices in [RFC7525].

Is there any reason we can't provide similar guidance for new LSP extended flags?