[Pce] Re: Secdir last call review of draft-ietf-pce-pcep-extension-native-ip-34

Aijun Wang <wangaijun@tsinghua.org.cn> Thu, 22 August 2024 08:08 UTC

From: Aijun Wang <wangaijun@tsinghua.org.cn>
To: 'Magnus Nyström' <magnusn@gmail.com>, secdir@ietf.org
References: <172430105731.2466060.3086653842488587585@dt-datatracker-6df4c9dcf5-t2x2k>
In-Reply-To: <172430105731.2466060.3086653842488587585@dt-datatracker-6df4c9dcf5-t2x2k>
Date: Thu, 22 Aug 2024 16:07:46 +0800
Message-ID: <002801daf46a$5f93bf80$1ebb3e80$@tsinghua.org.cn>
CC: draft-ietf-pce-pcep-extension-native-ip.all@ietf.org, last-call@ietf.org, pce@ietf.org
List-Id: Path Computation Element <pce.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pce/GhIIZYuytnAUvXiCpAeYiZwcNjA>

Hi, Magnus:

Thanks for your comments and suggestions. I have updated the document and will submit it together with the other experts' reviews.
Some detailed responses are inline below.


Best Regards

Aijun Wang
China Telecom

-----Original Message-----
From: forwardingalgorithm@ietf.org [mailto:forwardingalgorithm@ietf.org] On Behalf Of Magnus Nyström via Datatracker
Sent: 22 August 2024 12:31
To: secdir@ietf.org
Cc: draft-ietf-pce-pcep-extension-native-ip.all@ietf.org; last-call@ietf.org; pce@ietf.org
Subject: [Pce] Secdir last call review of draft-ietf-pce-pcep-extension-native-ip-34

Reviewer: Magnus Nyström
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. 
Document editors and WG chairs should treat these comments just like any other comments.

- It is clear that Section 10 and Section 11 are intended to be normative since they contain capitalized keywords (e.g., "SHOULD"). However, it is not clear to me if Section 9 is intended to be normative or informative. There are several lower-case "should"s in Section 9, which makes me suspect that the Section is informative, but it would be good to clarify.

【WAJ】: Normative. I have replaced "should" with "SHOULD" in this section and in other parts of the document.

- Security Considerations: This section contains the following text: "To prevent a bogus PCE from sending harmful messages to the network nodes, the network devices should authenticate the validity of the PCE and ensure a secure communication channel between them.  Thus, the mechanisms described in [RFC8253] for the usage of TLS for PCEP and [RFC9050] for malicious PCE should be used." Firstly, did this intend to just say "authenticate the PCE"? I am not sure what "authenticate the validity" means, and it seems that authentication of the PCE should suffice (assuming that it, after having been authenticated, can be identified as a valid PCE)?
【WAJ】Yes. "Authenticate the PCE" is enough. Have omitted the "validity" in the updated document. Thanks for your clarification. 

Secondly, did the second sentence intend to state "... and [RFC9050] for protection against malicious PCEs should be used"?
【WAJ】Yes. Thanks for the clarification. Have updated the document accordingly.

Thirdly, was that last "should" intended to be lower-case (i.e., informative)?
【WAJ】s/SHOULD already.

Thanks,
Magnus
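
As an added illustration of the Security Considerations text discussed above (the network device authenticating the PCE and using TLS for PCEP per RFC 8253), here is example code that is not part of the draft or of this thread. It shows the PCC side of the PCEPS exchange: a StartTLS message (PCEP message type 13, header only) is sent and must be received back before any other PCEP message, the TLS handshake validates the PCE's certificate chain and hostname, and an operator-configured allow-list of PCE identities then decides whether the authenticated PCE may be obeyed at all. The allow-list, the host, port and CA file path, and the SAN-before-CN matching rule are assumptions made for this example, not requirements stated in the draft.

```python
"""PCC-side skeleton of the PCEPS exchange from RFC 8253: cleartext StartTLS
messages, then a TLS handshake in which the PCE is authenticated and its
identity is checked against local policy. Added example, not draft text."""
import socket
import ssl
import struct

PCEP_VERSION = 1
MSG_STARTTLS = 13      # PCEP message type assigned to StartTLS by RFC 8253
HDR_LEN = 4            # PCEP common header: Ver|Flags, Message-Type, Message-Length


def encode_common_header(msg_type, body_len=0):
    """Build the 4-byte PCEP common header (RFC 5440 Section 6.1).
    Ver is the top 3 bits of byte 0, Flags (zero on send) the low 5 bits;
    Message-Length counts the header itself."""
    return struct.pack("!BBH", PCEP_VERSION << 5, msg_type, HDR_LEN + body_len)


def decode_common_header(data):
    """Parse a common header; reject a wrong version or an impossible length."""
    if len(data) < HDR_LEN:
        raise ValueError("short PCEP header")
    ver_flags, msg_type, msg_len = struct.unpack("!BBH", data[:HDR_LEN])
    if ver_flags >> 5 != PCEP_VERSION:
        raise ValueError("unsupported PCEP version %d" % (ver_flags >> 5))
    if msg_len < HDR_LEN:
        raise ValueError("invalid Message-Length %d" % msg_len)
    return msg_type, msg_len


def build_starttls():
    """StartTLS carries no objects: header only, Message-Length 4."""
    return encode_common_header(MSG_STARTTLS)


def is_valid_starttls(data):
    """True only for a well-formed, body-less StartTLS message."""
    try:
        msg_type, msg_len = decode_common_header(data)
    except ValueError:
        return False
    return msg_type == MSG_STARTTLS and msg_len == HDR_LEN and len(data) == HDR_LEN


def pce_identity_allowed(peer_cert, allowed_identities):
    """Check the already-authenticated PCE against an operator allow-list.
    peer_cert is the dict returned by ssl.SSLSocket.getpeercert(); chain and
    hostname validation happened in the handshake, this decides *which* PCE
    the PCC is willing to take instructions from (assumed local policy:
    SAN entries first, subject CN only when the cert has no SAN)."""
    allowed = {a.lower() for a in allowed_identities}
    names = {value.lower() for kind, value in peer_cert.get("subjectAltName", ())
             if kind in ("DNS", "IP Address")}
    if not names:
        names = {value.lower() for rdn in peer_cert.get("subject", ())
                 for key, value in rdn if key == "commonName"}
    return not names.isdisjoint(allowed)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before TLS was established")
        buf += chunk
    return buf


def pceps_connect(pce_host, pce_port, cafile, allowed_identities,
                  client_cert=None, timeout=5.0):
    """Open TCP, exchange StartTLS, then complete the TLS handshake.
    No other PCEP message is sent or accepted before TLS is up.
    Host, port and file paths are caller-supplied placeholders."""
    sock = socket.create_connection((pce_host, pce_port), timeout=timeout)
    try:
        sock.sendall(build_starttls())
        if not is_valid_starttls(_recv_exact(sock, HDR_LEN)):
            raise ConnectionError("PCE did not answer with StartTLS; refusing cleartext PCEP")
        ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        if client_cert:                      # (certfile, keyfile): lets the PCE authenticate the PCC too
            ctx.load_cert_chain(*client_cert)
        tls = ctx.wrap_socket(sock, server_hostname=pce_host)   # chain + hostname check
    except Exception:
        sock.close()
        raise
    if not pce_identity_allowed(tls.getpeercert(), allowed_identities):
        tls.close()
        raise PermissionError("authenticated PCE is not in the configured allow-list")
    return tls


if __name__ == "__main__":
    # Placeholder PCE name, CA bundle and allow-list (assumed, not from the draft).
    session = pceps_connect("pce.example.net", 4189, "/etc/pcep/ca.pem",
                            allowed_identities={"pce.example.net"})
    print("PCEPS session up with", session.getpeercert()["subjectAltName"])
    session.close()
```

The two-stage check is the practical reading of "authenticate the PCE": the TLS handshake proves the peer holds a key the configured CA vouches for, and the allow-list turns that into "this is a PCE this device is permitted to obey", which is what stops a validly-certified but unauthorized host from being treated as the PCE.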


_______________________________________________
Pce mailing list -- pce@ietf.org
To unsubscribe send an email to pce-leave@ietf.org