Reviewer: Yaron Sheffer Review result: Not Ready This document defines a mechanism (a TLV) to advertise the PCE Protocol security required (use of TCP-AO and its key ID, or alternatively use of TLS) within the routing protocol being used. * Sec. 3.1: I don't understand why "SHOULD advertise" and not MUST. Especially given the strict client behavior defined later. * Sec. 3.1: should we also say something about the case where both methods are advertised, and whether we recommend for the client to use one of them over the other? * Sec. 4: typo (appears twice) - "to be carried in the PCED TLV of the for use". * Sec. 7: this phrase appears to be essential to security of this mechanism: "it MUST be insured that the IGP is protected for authentication and integrity of the PCED TLV". I would expect more guidance: how can this property be ensured in the relevant IGPs? * Also, a possibly unintended consequence of this requirement is that if the IGP cannot be protected in a particular deployment/product, this mechanism would not be used. Please consider if this is likely to happen and whether we want to forego PCEP transport security in such cases. My gut feel (not based on experience in such networks) is that the threat models are different enough that we should decouple the security of IGP from that of PCEP. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
