Hi Quan,

We already have this text ->

Note that the [RFC8231] recommends that the stateful PCEP extension are authenticated and encrypted using Transport Layer Security (TLS) [RFC8253], as per the recommendations and best current practices in [RFC7525].

Thus I suggested adding one more sentence at the end of this ->

Thus the flags in the LSP-EXTENDED-FLAG TLV are also protected by the above mechanisms and recommendations.

That change should help with clarity as pointed out by Paul.

--

Also, please make this change ->

OLD:
The documents which will specific these flags must discuss their associate security implications.

NEW:
Any future document that specifies new flags must also discuss any associated security implications.

Thanks!
Dhruv

On Sat, Oct 22, 2022 at 8:09 PM <[email protected]> wrote:

> Hi Paul,
>
> Thanks for your comment!
> The extended flags are stateful PCEP extension which need to observe the
> RECOMMENDED as per RFC8231.
> People could find that in Security Considerations section which is "it is
> RECOMMENDED that these PCEP extensions only be activated on authenticated
> and encrypted sessions across PCEs and PCCs belonging to the same
> administrative authority, using Transport Layer Security (TLS) [PCEPS],
> as per the recommendations and best current practices in [RFC7525]."
> So I am not sure if we should copy that in this flag draft. Please let me
> know if you have other comments and suggestions.
>
> Regards,
> Quan
>
> From: Paul Wouters via Datatracker <[email protected]>
> To: The IESG <[email protected]>;
> Cc: [email protected] <
> [email protected]>;[email protected] <
> [email protected]>;[email protected] <[email protected]>;[email protected] <
> [email protected]>;[email protected] <[email protected]>;
> Date: October 18, 2022 08:22
> Subject: Paul Wouters' No Objection on
> draft-ietf-pce-lsp-extended-flags-07: (with COMMENT)
>
> Paul Wouters has entered the following ballot position for
> draft-ietf-pce-lsp-extended-flags-07: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-pce-lsp-extended-flags/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> In the security considerations it says:
>
> This document provides for future addition of flags in the LSP
> Object. No additional security issues are raised in this document
> beyond those that exist in the referenced documents. Note that the
> [RFC8231] recommends that the stateful PCEP extension are
> authenticated and encrypted using Transport Layer Security (TLS)
> [RFC8253], as per the recommendations and best current practices in
> [RFC7525].
>
> It feels that it is trying to say "these flags are protected by the TLS
> recommendation", but it could probably say that a bit more clearly.
>
_______________________________________________
Pce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/pce
