Reviewer: Shivan Sahib Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with nits. --- 1. Section 4 (Advice for Specification of New Flags) seems sparse. There are a number of security considerations that apply to LCP extensions (for e.g. https://www.rfc-editor.org/rfc/rfc8231.html#section-10). It would be helpful for this document to mention that there are security considerations related to adding new flags that might interact with existing extensions. It would also be especially helpful for this document's Security Considerations to summarize the security-critical aspects of existing flags so as to help future flag developers make secure choices. 2. The Security Considerations section of RFC 8231 says: As a general precaution, it is RECOMMENDED that these PCEP extensions only be activated on authenticated and encrypted sessions across PCEs and PCCs belonging to the same administrative authority, using Transport Layer Security (TLS) [PCEPS], as per the recommendations and best current practices in [RFC7525]. Is there any reason we can't provide similar guidance for new LSP extended flags? -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
