Telechat Review of draft-ietf-pce-pcep-exp-codepoints-04
review-ietf-pce-pcep-exp-codepoints-04-secdir-telechat-yu-2018-01-11-00

Request Review of draft-ietf-pce-pcep-exp-codepoints
Requested rev. no specific revision (document currently at 05)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2018-01-09
Requested 2017-12-14
Authors Dhruv Dhody, Daniel King, Adrian Farrel
Draft last updated 2018-01-11
Completed reviews Rtgdir Last Call review of -04 by Ben Niven-Jenkins (diff)
Opsdir Last Call review of -04 by Scott Bradner (diff)
Genart Last Call review of -04 by Brian Carpenter (diff)
Secdir Telechat review of -04 by Taylor Yu (diff)
Assignment Reviewer Taylor Yu
State Completed
Review review-ietf-pce-pcep-exp-codepoints-04-secdir-telechat-yu-2018-01-11
Reviewed rev. 04 (document currently at 05)
Review result Ready
Review completed: 2018-01-11

Review
review-ietf-pce-pcep-exp-codepoints-04-secdir-telechat-yu-2018-01-11

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: ready

The security considerations section seems reasonable.  The warning about
receiving conflicting experimental codepoints from another system seems
a little out of place if this were a protocol exposed to the Internet at
large.  (An implementation should in general handle all unexpected
inputs, accidental or malicious, in a way to avoid harmful
consequences.)  On the other hand, like many routing-related protocols,
PCEP doesn't seem to have very strong integrity or authentication
properties and instead relies on filtering, physical measures, or lower
layers such as TCP-AO.

Best regards,
-Taylor