Roman Danyliw has entered the following ballot position for draft-ietf-pce-pcep-extension-for-pce-controller-12: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-pce-pcep-extension-for-pce-controller/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Yaron Sheffer for the SECDIR review and the updates made as a result to improve the Security Considerations. I endorse the revised text that minimally RECOMMENDs the use of “mutually-authenticated and encrypted sessions.” My question is why can’t we go even further and require (use MUST) this crucial provisioning channel always be protected. When would we NOT want to use TLS? I appreciate that mandating the use of security primitives in routing is challenging due to a long tail of legacy investment. However, this extension seems like a near "green field" focused on a modern, SDN architecture which seems unlikely to have less capable legacy elements. _______________________________________________ Pce mailing list [email protected] https://www.ietf.org/mailman/listinfo/pce
