OK thanks, Dhruv!
Wassim H. On 10/23/24, 12:23 AM, "Dhruv Dhody" <[email protected]> wrote: Hi Wassim, On Wed, Oct 23, 2024 at 10:32 AM Wassim Haddad via Datatracker <[email protected]<mailto:[email protected]>> wrote: Reviewer: Wassim Haddad Review result: Ready Summary: IMHO, this draft is in good shape. It is clear and easy to read. Major issues: None Minor issues: None Proposal: It would be helpful for the reader if more explanation can be added to the following text in the “Security Considerations” section: “While there is limited protection against this, an operator monitoring the PCEP sessions can detect the use of vendor-specific information, be aware of the decoding mechanism for this information, and stay vigilant for potential misuse.” => Agree always good to stay vigilant. But on what basis the operator can detect the potential misuse to prevent potential harm? Dhruv: The idea is that while decoding this information, the checks should be performed in accordance with the format of the vendor-specific data, just as with any other standard PCEP Object. What we wanted to emphasize is that the object shouldn’t be treated as opaque and left uninspected, as this could be misused. Please note, this isn’t a new object; it already exists. How is this as a possible update - While there is limited protection against this, an operator monitoring the PCEP sessions can detect the use of vendor-specific information, be aware of the decoding mechanism for this data, and inspect it accordingly. It’s crucial for the operator to remain vigilant and monitor for any potential misuse of this object. Thanks! Dhruv (Document shepherd) _______________________________________________ Pce mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________ Pce mailing list -- [email protected] To unsubscribe send an email to [email protected]
