Telechat Review of draft-ietf-pce-pcep-exp-codepoints-04
review-ietf-pce-pcep-exp-codepoints-04-secdir-telechat-yu-2018-01-11-00
| Request | Review of | draft-ietf-pce-pcep-exp-codepoints |
|---|---|---|
| Requested rev. | no specific revision (document currently at 05) | |
| Type | Telechat Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2018-01-09 | |
| Requested | 2017-12-14 | |
| Authors | Dhruv Dhody, Daniel King, Adrian Farrel | |
| Draft last updated | 2018-01-11 | |
| Completed reviews |
Rtgdir Last Call review of -04 by Ben Niven-Jenkins
(diff)
Opsdir Last Call review of -04 by Scott Bradner (diff) Genart Last Call review of -04 by Brian Carpenter (diff) Secdir Telechat review of -04 by Taylor Yu (diff) |
|
| Assignment | Reviewer | Taylor Yu |
| State | Completed | |
| Review | review-ietf-pce-pcep-exp-codepoints-04-secdir-telechat-yu-2018-01-11 | |
| Reviewed rev. | 04 (document currently at 05) | |
| Review result | Ready | |
| Review completed: | 2018-01-11 |
Review
review-ietf-pce-pcep-exp-codepoints-04-secdir-telechat-yu-2018-01-11
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: ready The security considerations section seems reasonable. The warning about receiving conflicting experimental codepoints from another system seems a little out of place if this were a protocol exposed to the Internet at large. (An implementation should in general handle all unexpected inputs, accidental or malicious, in a way to avoid harmful consequences.) On the other hand, like many routing-related protocols, PCEP doesn't seem to have very strong integrity or authentication properties and instead relies on filtering, physical measures, or lower layers such as TCP-AO. Best regards, -Taylor