Roman Danyliw has entered the following ballot position for draft-ietf-pce-stateful-hpce-13: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-pce-stateful-hpce/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

** Section 4. Per “The security considerations listed in [RFC8231], [RFC6805] and [RFC5440] apply to this document as well. As per [RFC6805], it is expected that the parent PCE will require all child PCEs to use full security when communicating with the parent.”, the references make sense, thanks for making them. My concern is in the definition of “use full security”. I can see those words come from RFC6805, however, I can't find where that set of practices is defined. Can this please be clarified?

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 4. Per the recommendation to use TLS _or_ TCP-AO.

-- I take the point from the SECDIR (thanks Stephen Farrell) about the (lack of) deployment of AO. My caution would be that TLS and TCP-AO provide different security mechanisms and therefore imbue different security properties and this should be noted. (i.e., this isn’t a choice between like options)

-- As an editorial nit, it would be worth saying that guidance for implementing using TLS with PCEP can be found in RFC8232.

** Editorial Nits:

Title. Is the period at the end of the title necessary?
