> > This document proposes to add a STARTTLS mechanism to the PCE protocol.
> > If this basic approach is accepted, then the document is in good shape.
> > It's clear, complete, and straightforward. The question is whether mandating
> > STARTTLS is actually a good idea.
> >
> [Dhruv] Yes, this has been discussed in the WG.
> The individual draft in fact asked for another port no, and during the WG
> adoption process, it was discussed in the WG as well as with security experts, and
> concluded that we should use STARTTLS.
> As far as I am aware, use of different port for secured version of a protocol has
> not been followed by IETF for some time now.
Right. Burning additional ports has been frowned upon for a while.

I don't think it is right for a draft to explain why one solution was chosen over another. The question is: does the chosen solution work?

But Dan is right that any weaknesses need to be highlighted and addressed/mitigated/warned.

Cheers,
Adrian
