RE: [Bridge-mib] Begin WG Last Call - draft-ietf-bridge-8021x-00 .txt

"Les Bell" <Les_Bell@eur.3com.com> Wed, 22 January 2003 17:41 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA02065 for <bridge-archive@odin.ietf.org>; Wed, 22 Jan 2003 12:41:30 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h0MHxb407590 for bridge-archive@odin.ietf.org; Wed, 22 Jan 2003 12:59:37 -0500
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h0MHxWJ07576; Wed, 22 Jan 2003 12:59:32 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h0MHwdJ07534 for <bridge-mib@optimus.ietf.org>; Wed, 22 Jan 2003 12:58:39 -0500
Received: from columba.www.eur.3com.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA02030 for <bridge-mib@ietf.org>; Wed, 22 Jan 2003 12:40:00 -0500 (EST)
Received: from toucana.eur.3com.com (toucana.EUR.3Com.COM [140.204.220.50]) by columba.www.eur.3com.com with ESMTP id h0MHixNS010289; Wed, 22 Jan 2003 17:45:00 GMT
Received: from notesmta.eur.3com.com (eurmta1.EUR.3Com.COM [140.204.220.206]) by toucana.eur.3com.com with SMTP id h0MHioQ00697; Wed, 22 Jan 2003 17:44:50 GMT
Received: by notesmta.eur.3com.com(Lotus SMTP MTA v4.6.3 (733.2 10-16-1998)) id 80256CB6.00616733 ; Wed, 22 Jan 2003 17:43:54 +0000
X-Lotus-FromDomain: 3COM
From: Les Bell <Les_Bell@eur.3com.com>
To: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
cc: bridge-mib@ietf.org
Message-ID: <80256CB6.0061671C.00@notesmta.eur.3com.com>
Date: Wed, 22 Jan 2003 17:43:16 +0000
Subject: RE: [Bridge-mib] Begin WG Last Call - draft-ietf-bridge-8021x-00 .txt
Mime-Version: 1.0
Content-type: text/plain; charset="us-ascii"
Content-Disposition: inline
Sender: bridge-mib-admin@ietf.org
Errors-To: bridge-mib-admin@ietf.org
X-BeenThere: bridge-mib@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/bridge-mib>, <mailto:bridge-mib-request@ietf.org?subject=unsubscribe>
List-Id: <bridge-mib.ietf.org>
List-Post: <mailto:bridge-mib@ietf.org>
List-Help: <mailto:bridge-mib-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/bridge-mib>, <mailto:bridge-mib-request@ietf.org?subject=subscribe>
On 11th Dec 2002, Dan Romascanu wrote:

> I think that the Security Considerations section is much too weak
> taking into account the scope of the IEEE 802.1X standard. We need
> to fix this before it gets under the IESG scrutiny. The security
> section needs to mention the fact that the standard modeled by this
> MIB has a strong security functionality. It needs to list explicitly
> the objects with MAX-ACCESS of read-write or read-create that, if
> potentially written by a malicious attacker, can endanger the security
> by allowing access to the layer 2 network by un-authorized users. It
> also needs to mention that some of the objects (even of those with
> MAX-ACCESS clause of read-only) if exposed can allow for security holes
> in the access to the network to be exposed to un-authorized viewers.

I think it is not just the read-write objects that can allow access to
the network by un-authorized users, but also those objects that can
inhibit access to the network by authorized users.  Also, exposure of all
of these MIB values, including the read-only objects (with the possible
exception of some of the statistics), may allow security holes to be
exploited.

Therefore, I suggest it is not worth listing most, if not all, of the
managed objects in the security section, and instead, we should replace
the first paragraph of the security section with the following:

 "The Port Access Entity defined in this MIB is integral to the
  security of the network accessed through the Authenticator.  The
  managed objects in this MIB that have a MAX-ACCESS clause of
  read-write or read-create must be considered sensitive in a secure
  environment.  The support of SET operations in a non-secure
  environment without proper protection can have a negative effect on
  the security of access to the network, for both the Authenticator and
  the Supplicant.  The managed objects in this MIB that have a
  MAX-ACCESS clause of anything other than not-accessible may allow
  users, including authenticated users that have authorised access to
  the secured network, to discover information that may help to
  compromise the access and security of others.  Therefore the support
  of GET operations for all managed objects in this MIB must also be
  considered sensitive in a secure environment."

Les...
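The proposed Security Considerations text above draws a line by MAX-ACCESS clause: objects that are read-write or read-create are sensitive to SET, and every object other than not-accessible ones is sensitive to GET. The following script, added here as an illustration and not part of this thread or of the IEEE 802.1X MIB, performs that audit mechanically over an SMIv2 module so the two lists can be fed into SNMP access control rather than written by hand. The MIB fragment and all object names in it (examplePaePortEnabled and so on) are constructed placeholders, not objects from the real MIB.

```python
"""Classify OBJECT-TYPE definitions in an SMIv2 module by MAX-ACCESS.

Added example (not code from the bridge-mib thread or from IEEE 802.1X).
It lists, as the proposed Security Considerations paragraph describes,
(a) objects writable via SET (read-write / read-create) and
(b) objects readable via GET (anything other than not-accessible),
so both sets can be covered by SNMP access control instead of exposed.

The MIB fragment below is CONSTRUCTED for this example; its object
names are placeholders, not the objects of the real 802.1X PAE MIB.
"""
import re
from collections import defaultdict

SAMPLE_MIB = """\
examplePaePortEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Constructed: enables the PAE on this port."
    ::= { examplePaePortEntry 1 }

exampleAuthControlledPortStatus OBJECT-TYPE
    SYNTAX      INTEGER { authorized(1), unauthorized(2) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Constructed: current authorization state of the port."
    ::= { exampleAuthConfigEntry 2 }

exampleAuthSessionEntry OBJECT-TYPE
    SYNTAX      ExampleAuthSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Constructed: conceptual row, never reachable by GET."
    INDEX       { examplePaePortNumber }
    ::= { exampleAuthSessionTable 1 }

exampleAuthKeyEntry OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Constructed: row-creatable object."
    ::= { exampleAuthKeyTable 1 }
"""

# The SET-sensitive clauses named in the proposed text.
SET_SENSITIVE = {"read-write", "read-create"}
# All MAX-ACCESS values defined by SMIv2 (RFC 2578).
VALID_ACCESS = SET_SENSITIVE | {"read-only", "accessible-for-notify", "not-accessible"}

# One OBJECT-TYPE macro: descriptor, keyword, body up to the '::=' registration.
OBJECT_TYPE_RE = re.compile(
    r"^(?P<name>[a-z][A-Za-z0-9]*)\s+OBJECT-TYPE\b(?P<body>.*?)::=",
    re.MULTILINE | re.DOTALL,
)
MAX_ACCESS_RE = re.compile(r"\bMAX-ACCESS\s+(?P<access>[a-z-]+)")


def parse_max_access(mib_text):
    """Return {object_name: max_access} for every OBJECT-TYPE macro in the text.

    Raises ValueError for a macro with no MAX-ACCESS clause or an unknown value,
    since a silently skipped object would be a gap in the audit.
    """
    result = {}
    for m in OBJECT_TYPE_RE.finditer(mib_text):
        acc = MAX_ACCESS_RE.search(m.group("body"))
        if acc is None:
            raise ValueError(f"{m.group('name')}: missing MAX-ACCESS clause")
        access = acc.group("access")
        if access not in VALID_ACCESS:
            raise ValueError(f"{m.group('name')}: unknown MAX-ACCESS {access!r}")
        result[m.group("name")] = access
    return result


def classify(objects):
    """Split objects into the sensitivity classes the proposed text names.

    'set_sensitive' and 'get_exposed' overlap on purpose: a read-write
    object is sensitive to both operations.
    """
    classes = defaultdict(list)
    for name, access in sorted(objects.items()):
        if access in SET_SENSITIVE:
            classes["set_sensitive"].append(name)
        if access != "not-accessible":
            classes["get_exposed"].append(name)
        else:
            classes["not_accessible"].append(name)
    return dict(classes)


if __name__ == "__main__":
    for cls, names in classify(parse_max_access(SAMPLE_MIB)).items():
        print(f"{cls}:")
        for n in names:
            print(f"  {n}")
```

Run against a real module the output is the raw material for a VACM view definition: the `set_sensitive` list is what a write view must be restricted to, and the `get_exposed` list (everything except the `not_accessible` conceptual rows) is what a read view exposes, which is exactly why the proposed text calls GET support sensitive as well.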

"Romascanu, Dan (Dan)" <dromasca@avaya.com> on 11/12/2002 13:03:33

Sent by:  "Romascanu, Dan (Dan)" <dromasca@avaya.com>


To:   Les Bell/GB/3Com, bridge-mib@ietf.org
cc:
Subject:  RE: [Bridge-mib] Begin WG Last Call - draft-ietf-bridge-8021x-00.txt
As the scope of this document is to produce a replica of the MIB defined in the
IEEE document, I will not refer my comments to the MIB itself, but to the
surrounding IETF-ish envelope. I have one fundamental issue, and a few
editorials.

The fundamental one: I think that the Security Considerations section is much
too weak taking into account the scope of the IEEE 802.1X standard. We need to
fix this before it gets under the IESG scrutiny. The security section needs to
mention the fact that the standard modeled by this MIB has a strong security
functionality. It needs to list explicitly the objects with MAX-ACCESS of
read-write or read-create that, if potentially written by a malicious attacker,
can endanger the security by allowing access to the layer 2 network by
un-authorized users. It also needs to mention that some of the objects (even of
those with MAX-ACCESS clause of read-only) if exposed can allow for security
holes in the access to the network to be exposed to un-authorized viewers.

Now the editorial issues:
1. page 3, section 2 - the second paragraph seems broken in syntax, and content
- Source Route and transparent are not modes, but rather methods. They happen to
be the ones standardized in IEEE 802, but there are at least two other methods
(translation and encapsulation) which are not covered by IEEE 802 standards.
2. Formatting of section 3, paragraph 1 seems broken
3. Same for section 3.1
4. The numbering of some of the objects (9.4.3, 9.4.4, etc.) in section 3.1
seems out of context
5. Section 3.3 and following - the term 'System' is used here, without a clear
explanation of what it means
6. I think that it would help to define shortly (or at least refer to the IEEE
standard) the supplicant and authenticator
7. Section 3.6 - there seems to be a mis-spelling of an object name referred
from RFC 2863
8. Section 6 - IEEE is duplicated
9. Section 7 - need to divide references into normative and non-normative.

Thanks,

Dan


> -----Original Message-----
> From: Les Bell [mailto:Les_Bell@eur.3com.com]
> Sent: Tuesday, November 26, 2002 5:24 PM
> To: bridge-mib@ietf.org
> Subject: [Bridge-mib] Begin WG Last Call -
> draft-ietf-bridge-8021x-00.txt
>
>
>
>
>
> Hi,
>
> The Bridge MIB WG has completed work on the "Definitions for
> Port Access Control
> (IEEE 802.1X) MIB".  This memo proposes to re-publish the
> Port Access Entity
> MIB, as defined in IEEE 802.1X, in an Informational RFC, for
> the convenience of
> the IETF community.
>
> The WG proposes that the I-D 'draft-ietf-bridge-8021x-00.txt'
> is the completed
> version of this document. The WG members are strongly urged
> to review this
> document as soon as possible, and express any concerns, or
> identify any errors, in an email to the Bridge MIB WG mailing list.
>
> Unless there are strong objections, published on the WG
> mailing list by December
> 11, 2002, this document will be forwarded to the OPS Area
> Directors for
> consideration to publish as an Informational RFC.
>
> Please send all comments to the WG mailing list at
> bridge-mib@ietf.org.
>
> Thanks,
> Les...
>
>
> _______________________________________________
> Bridge-mib mailing list
> Bridge-mib@ietf.org
> https://www1.ietf.org/mailman/listinfo/bridge-mib
>
_______________________________________________
Bridge-mib mailing list
Bridge-mib@ietf.org
https://www1.ietf.org/mailman/listinfo/bridge-mib