Reviewer: Tirumaleswar Reddy
Review result: Ready with issues
I apologize for missing the deadline for this review.
This document relies on [RFC5440], [RFC8231], [RFC8281] and [RFC8697] for security considerations. RFC5440 discusses the use of TCP-MD5 (obsoleted), TCP Authentication Option and TLS 1.2. Further, RFC5440 refers to RFC7525 for TLS recommendations.
draft-ietf-pce-vn-association says use of TLS is recommended.
My comments below:
1. Any specific reason for using "SHOULD" instead of "MUST" for TLS? If TLS is not used in certain scenarios, how is a malicious PCEP speaker detected?
2. Do you see any challenges in encouraging the use of TLS 1.3?
3. You may want to make it clear that this document does not rely on TCP-MD5.
4. If existing implementations are using TLS 1.2, I suggest referring to the recommendations in draft-ietf-uta-rfc7525bis instead of RFC7525. Please see Appendix A in draft-ietf-uta-rfc7525bis, which highlights the differences from RFC7525.
Cheers,
-Tiru
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call