Re: [Entmib] Mini WG LAST CALL:draft-ietf-entmib-state-06.txt
Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de> Wed, 19 January 2005 15:10 UTC
Date: Wed, 19 Jan 2005 16:07:27 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>
To: Margaret Wasserman <margaret@thingmagic.com>
Subject: Re: [Entmib] Mini WG LAST CALL:draft-ietf-entmib-state-06.txt
Cc: entmib@ietf.org

On Sun, Jan 16, 2005 at 08:00:01AM -0500, Margaret Wasserman wrote:

> The Entity State MIB has also been updated to address the issues
> raised in WG Last Call (see below). I've reviewed this document, and
> it seems to contain the changes that were agreed on the list.
>
> This document has also been through several WG Last Calls and should
> be ready for submission to the IESG for Proposed Standard.
>
> So, if you have any objections to submitting this document to the
> IESG for publication as a Proposed Standard RFC, please send them to
> the entmib@ietf.org mailing list by Wednesday, January 19th.

I have checked <draft-ietf-entmib-state-06.txt> and I support the
document being submitted to the IESG.

I have some editorial nits that probably should be addressed before
submitting the document to the IESG to reduce confusion/trouble/delay
later on.

- IANA Considerations section is missing. See the MIB guidelines
  document about what to put there.

- Reference [RFC2737] should probably be referring to the updated
  ENTITY-MIB (or at least a comment to the RFC Ed. concerning this
  should be added).

- Citations such as [Alarm-MIB] should be replaced with [RFC3877].

- The following sentence in section 3.2. does not read well:

     [...] If there are active alarms, then the alarmActiveTable in the
     Alarm MIB [Alarm MIB] should be searched for alarmActiveResourceId
     that match this entPhysicalIndex.

  Here is a first proposal to improve the wording:

     [...] If there are active alarms, then the alarmActiveTable in the
     Alarm MIB [RFC3877] should be searched for rows whose
     alarmActiveResourceId matches this entPhysicalIndex.

  I think it is important to be clear that there can be multiple
  matching rows.

- The following sentence in section 3.2. is probably not quite right:

     Alternatively, if the alarmActiveTable is queried first and an
     active alarm with a value of alarmActiveResourceId that matches
     this entPhysicalIndex is found, then entStateAlarm can be used to
     quickly determine if there are additional active alarms against
     this physical entity.

  My understanding is that entStateAlarm allows me to detect what kind
  of alarms I have but not how many. So if there are multiple alarms
  of the same severity, then entStateAlarm will not really allow me
  to detect that "there are additional active alarms against this
  physical entity".

     Alternatively, if the alarmActiveTable is queried first and an
     active alarm with a value of alarmActiveResourceId that matches
     this entPhysicalIndex is found, then entStateAlarm can be used to
     quickly determine if there are additional active alarms with a
     different severity against this physical entity.

- Security considerations: I suggest to insert "(entStateAdmin)" into
  the first sentence directly after "management object" and remove the
  second paragraph. In addition, I suggest to move the last and next
  to last paragraph directly below the first paragraph in this section
  so that the MIB specific stuff stays together and is not mixed with
  the more general "why you should use SNMPv3" statement.

  Putting things together, I suggest the following text for the
  security considerations section:

     There is one management object (entStateAdmin) defined in this
     MIB that has a MAX-ACCESS clause of read-write. The object may be
     considered sensitive or vulnerable in some network environments.
     The support for SET operations in a non-secure environment without
     proper protection can have a negative effect on network operations.

     Note that setting the entStateAdmin to 'locked' or 'shuttingDown'
     can cause disruption of services ranging from those running on a
     port to those on an entire device, depending on the type of entity.
     Access to this object should be properly protected.

     Access to the objects defined in this MIB allows one to figure out
     what the active and standby resources in a network are. This
     information can be used to optimize attacks on networks so even
     read-only access to this MIB should be properly protected.

     SNMP versions prior to SNMPv3 did not include adequate security.
     Even if the network itself is secure (for example by using IPSec),
     even then, there is no control as to who on the secure network is
     allowed to access and GET/SET (read/change/create/delete) the
     objects in this MIB module.

     It is RECOMMENDED that implementers consider the security features
     as provided by the SNMPv3 framework (see [RFC3410], section 8),
     including full support for the SNMPv3 cryptographic mechanisms
     (for authentication and privacy).

     Further, deployment of SNMP versions prior to SNMPv3 is NOT
     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
     enable cryptographic security. It is then a customer/operator
     responsibility to ensure that the SNMP entity giving access to an
     instance of this MIB module is properly configured to give access
     to the objects only to those principals (entities) that have
     legitimate rights to indeed GET or SET (change/create/delete) them.

/js

-- 
Juergen Schoenwaelder               International University Bremen
<http://www.eecs.iu-bremen.de/>     P.O. Box 750 561, 28725 Bremen, Germany
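
The point raised above about entStateAlarm reporting which kinds of alarms are active but not how many, as an added Python illustration that is not part of the original message or of the draft. The table rows, the use of a bare entPhysicalIndex as the resource id, and the severity labels are constructed assumptions.

```python
from collections import Counter

# Constructed sample of alarmActiveTable rows: (alarmActiveResourceId, severity).
# Simplification: the resource id is shown as the bare entPhysicalIndex and the
# severity labels are placeholders, not values taken from the draft.
ALARM_ACTIVE_TABLE = [
    (7, "major"),
    (7, "major"),
    (7, "minor"),
    (9, "critical"),
]


def matching_rows(table, ent_physical_index):
    """All rows whose alarmActiveResourceId matches this entPhysicalIndex.

    There can be several, which is why the proposed wording says "rows".
    """
    return [row for row in table if row[0] == ent_physical_index]


def ent_state_alarm(table, ent_physical_index):
    """Model of the summary object: the set of active severities, no counts."""
    return frozenset(sev for _, sev in matching_rows(table, ent_physical_index))


def other_severities_active(summary, found_severity):
    """What the summary tells a manager that already holds one alarm row:
    only whether alarms of a *different* severity exist."""
    return bool(summary - {found_severity})


def hidden_by_summary(table, ent_physical_index):
    """Extra alarms per severity that the summary cannot reveal."""
    counts = Counter(sev for _, sev in matching_rows(table, ent_physical_index))
    return {sev: n - 1 for sev, n in counts.items() if n > 1}


if __name__ == "__main__":
    summary = ent_state_alarm(ALARM_ACTIVE_TABLE, 7)
    print("summary for entity 7:", sorted(summary))
    print("other severities besides 'major':",
          other_severities_active(summary, "major"))
    print("alarms invisible in the summary:",
          hidden_by_summary(ALARM_ACTIVE_TABLE, 7))
```

A manager that needs every alarm against an entity still has to walk all matching rows; the summary only lets it skip the search for severities that are not set.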