RE: [Disman] Fw: MIB Doctor review: publishdraft-ietf-disman-remops-mib-v2-06.tx t

"Romascanu, Dan \(Dan\)" <dromasca@avaya.com> Wed, 04 May 2005 11:12 UTC

From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: Randy Presuhn <randy_presuhn@mindspring.com>, Disman <disman@ietf.org>

I agree with Juergen on this one. Tracepath information, even if read-only, is considered to be privacy sensitive in many environments.

To quote from http://www.ietf.org/internet-drafts/draft-ietf-ops-mib-review-guidelines-04.txt, Section 3.4:

   Each specification that defines one or more MIB modules MUST contain
   a section that discusses security considerations relevant to those
   modules.  This section MUST be patterned after the latest approved
   template (available at http://www.ops.ietf.org/mib-security.html).
   In particular, writeable MIB objects that could be especially
   disruptive if abused MUST be explicitly listed by name and the
   associated security risks MUST be spelled out;  similarly, readable
   MIB objects that contain especially sensitive information or that
   raise significant privacy concerns MUST be explicitly listed by name
   and the reasons for the sensitivity/privacy concerns MUST be
   explained.  

It looks like this is one of the cases where the objects 'MUST be explicitly listed by name and the reasons for the sensitivity/privacy concerns MUST be explained.'  



Regards,

Dan



> -----Original Message-----
> From: disman-bounces@ietf.org [mailto:disman-bounces@ietf.org] On Behalf Of Randy Presuhn
> Sent: 04 May, 2005 6:56 AM
> To: Disman
> Subject: [Disman] Fw: MIB Doctor review: publishdraft-ietf-disman-remops-mib-v2-06.tx t
> 
> 
> Hi -
> 
> Forwarded for your information.
> 
> Randy
> 
> ----- Original Message ----- 
> > From: "Juergen Schoenwaelder" <j.schoenwaelder@iu-bremen.de>


....

> >
> > 5.  Security Considerations
> >
> > - The following is stated:
> >
> >    However, the only information that might be
> >    disclosed is the configuration and results of measurements that are
> >    performed by implementations of the MIB modules.  This information
> >    can only be mis-used in conjunction with the mis-use of further
> >    information.
> >
> >   I am not sure what the last sentence hints at. It sounds like it is
> >   trying to make this less a security problem. Not sure this is true.
> >   Tracepaths reveals information about paths which some people tend to
> >   block (actually becoming more and more popular in enterprise
> >   networks it seems).
> >
> >
> > -- 
> > Juergen Schoenwaelder     International University Bremen
> > <http://www.eecs.iu-bremen.de/>     P.O. Box 750 561, 28725 Bremen, Germany