[Last-Call] 答复: [Pce] Secdir last call review of draft-ietf-pce-pcep-extension-native-ip-34

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, Magnus:

Thanks for your comments and suggestions. I have updated the document and will submit it together with other expert's review.
Some detail responses are inline below.


Best Regards

Aijun Wang
China Telecom

-----邮件原件-----
发件人: forwardingalgorithm@xxxxxxxx [mailto:forwardingalgorithm@xxxxxxxx] 代表 Magnus Nystr?m via Datatracker
发送时间: 2024年8月22日 12:31
收件人: secdir@xxxxxxxx
抄送: draft-ietf-pce-pcep-extension-native-ip.all@xxxxxxxx; last-call@xxxxxxxx; pce@xxxxxxxx
主题: [Pce] Secdir last call review of draft-ietf-pce-pcep-extension-native-ip-34

Reviewer: Magnus Nyström
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. 
Document editors and WG chairs should treat these comments just like any other comments.

- It is clear that Section 10 and Section 11 are intended to be normative since they contain capitalized keywords (e.g., "SHOULD"). However, it is not clear to me if Section 9 is intended to be normative or informative. There are several lower-case "should" in Section 9 which makes me suspect that the Section is informative, but would be good to clarify.

【WAJ】:Normative. I have switched "should" with "SHOULD" in this section and other parts within the document.

- Security Considerations: This section contains the following text: "To prevent a bogus PCE from sending harmful messages to the network nodes, the network devices should authenticate the validity of the PCE and ensure a secure communication channel between them.  Thus, the mechanisms described in [RFC8253] for the usage of TLS for PCEP and [RFC9050] for malicious PCE should be used." Firstly, did this intend to just say "authenticate the PCE"? I am not sure what "authenticate the validity" means, and it seems that authentication of the PCE should suffice (assuming that it, after having been authenticated, can be identified as a valid PCE)?
【WAJ】Yes. "Authenticate the PCE" is enough. Have omitted the "validity" in the updated document. Thanks for your clarification. 

Secondly, did the second sentence intend to state "... and [RFC9050] for protection against malicious PCEs should be used"?
【WAJ】Yes. Thanks for the clarification. Have updated the document accordingly.

Thirdly, was that last "should" intented to be lower-case (i.e., informative)?
【WAJ】s/SHOULD already.

Thanks,
Magnus


_______________________________________________
Pce mailing list -- pce@xxxxxxxx
To unsubscribe send an email to pce-leave@xxxxxxxx

-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux