[bess] Secdir last call review of draft-ietf-bess-mvpn-mib-10

"Valery Smyslov" <valery@smyslov.net> Tue, 28 August 2018 15:36 UTC

From: Valery Smyslov <valery@smyslov.net>
To: secdir@ietf.org
Cc: draft-ietf-bess-mvpn-mib.all@ietf.org, ietf@ietf.org, bess@ietf.org
Date: Tue, 28 Aug 2018 18:35:55 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/WsTiozR6zWcyAIlL1gujg07MvGY>

Reviewer: Valery Smyslov
Review result: Almost Ready

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The document provides a MIB module for Level 3 Multicast VPNs.
The MIB Module passed a thorough MIB doctor review.

The Security Considerations text follows the "Security Guidelines for IETF 
MIB Modules" (https://trac.ietf.org/trac/ops/wiki/mib-security).
In particular, all the objects with read-write access from this MIB module 
are listed and the possible impact of manipulating their values is described.
In addition, readable address-related objects from this MIB module 
that may reveal the locations of the peers are listed too.
My only concern with the Security Considerations is that the latter list lacks
the mvpnMrouteRtAddr object, which in my opinion should be there,
since it's also readable and contains address-related information.
I think that once this issue is resolved the document will be ready for publication.