Re: [secdir] secdir review of draft-ietf-pce-wson-routing-wavelength-14

Leeyoung <> Tue, 28 October 2014 15:50 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 23EF91A8ADD; Tue, 28 Oct 2014 08:50:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.209
X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8sZ1laEGHRVa; Tue, 28 Oct 2014 08:50:23 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2A1EF1A8956; Tue, 28 Oct 2014 08:50:22 -0700 (PDT)
Received: from (EHLO ([]) by (MOS 4.3.7-GA FastPath queued) with ESMTP id BLA48595; Tue, 28 Oct 2014 15:50:20 +0000 (GMT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Tue, 28 Oct 2014 15:50:19 +0000
Received: from ([]) by dfweml704-chm ([]) with mapi id 14.03.0158.001; Tue, 28 Oct 2014 08:50:13 -0700
From: Leeyoung <>
To: Dan Harkins <>, "" <>, "" <>, "" <>
Thread-Topic: secdir review of draft-ietf-pce-wson-routing-wavelength-14
Thread-Index: AQHP8ggFNCHzfU7A20OYSi0DGnzg+ZxFqT4w
Date: Tue, 28 Oct 2014 15:50:12 +0000
Message-ID: <7AEB3D6833318045B4AE71C2C87E8E1729C41344@dfweml706-chm>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Subject: Re: [secdir] secdir review of draft-ietf-pce-wson-routing-wavelength-14
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 28 Oct 2014 15:50:25 -0000

Hi Dan,

Thanks a lot for your review and providing comments. 

Would the following work for you in Security Section to add:

"Solutions that address the requirements in this document need to verify that existing PCEP security mechanisms adequately protect the additional network capabilities and must include new mechanisms as necessary."

Best regards,

-----Original Message-----
From: Dan Harkins [] 
Sent: Monday, October 27, 2014 12:04 PM
Subject: secdir review of draft-ietf-pce-wson-routing-wavelength-14


  I have reviewed draft-ietf-pce-wson-routing-wavelength as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat  these comments just like any other last call comments.

  This is a requirements document for additions to the PCEP protocol to support path computation in a wavelength-switched optical network. It describes what needs to be added to requests/responses to support routing and wavelength assignment to a path computation element (that supports both functions) for a path computation client.

  The security considerations are basically a punt. There's information that an operator may not want to disclose and "[c]onsideration should be given to securing this information." That seems a little thin. At the very least some explanation of how this should be done. Do only the TLVs that represent these required additions require confidentiality?
Is KARP a potential solution to this problem? If so it might be nice to explain that; if not, then why and what else would be required?

  It is a well-organized and well-written document. I would say it is "ready with nits", my nits being the thinness of the Security Consideration section.