Hi Shivan,
Thanks for your review! Document Shepherd here...
On Tue, Oct 11, 2022 at 4:00 AM Shivan Sahib via Datatracker <noreply@xxxxxxxx> wrote:
Reviewer: Shivan Sahib
Review result: Has Nits
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.
The summary of the review is Ready with nits.
---
1. Section 4 (Advice for Specification of New Flags) seems sparse. There are a
number of security considerations that apply to LCP extensions (for e.g.
https://www.rfc-editor.org/rfc/rfc8231.html#section-10). It would be helpful
for this document to mention that there are security considerations related to
adding new flags that might interact with existing extensions. It would also be
especially helpful for this document's Security Considerations to summarize the
security-critical aspects of existing flags so as to help future flag
developers make secure choices.
I proposed a sentence in the security consideration (see below)
I am not sure what you have in mind related to security consideration interaction between new and existing flags.
A sentence like this can be added but I am not sure how helpful that is -
"They are also expected to discuss any security implications of the additional flags (if any) and their interactions with existing flags."
2. The Security Considerations section of RFC 8231 says:
As a general precaution, it is RECOMMENDED that these PCEP extensions
only be activated on authenticated and encrypted sessions across PCEs
and PCCs belonging to the same administrative authority, using
Transport Layer Security (TLS) [PCEPS], as per the recommendations
and best current practices in [RFC7525].
Is there any reason we can't provide similar guidance for new LSP extended
flags
How about this ->
[RFC8231] sets out security considerations for PCEP when used for
communication with a stateful PCE. This document does not change
those considerations. For LSP Object processing, see [RFC8231].
The flags for the LSP object and their associated security
considerations are specified in [RFC8231], [RFC8281], [RFC8623],
and [I-D.ietf-pce-binding-label-sid].
This document provides for future addition of flags in the LSP Object.
No additional security issues are raised in this document beyond those
that exist in the referenced documents. Note that the [RFC8231]
recommends that the stateful PCEP extension are authenticated and
encrypted using Transport Layer Security (TLS) [RFC8253], as per the
recommendations and best current practices in [RFC7525].
Thoughts?
Thanks!
Dhruv
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
