Re: Last Call: <draft-ietf-ipfix-mib-variable-export-09.txt> (Exporting MIB Variables using the IPFIX Protocol) to Proposed Standard

Randy Presuhn <randy_presuhn@mindspring.com> Mon, 28 September 2015 18:45 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/00kTHwfJLwYbLy7v9W0YtPJaKlQ>

Hi -

>From: The IESG <iesg-secretary@ietf.org>
>Sent: Sep 28, 2015 10:11 AM
>To: IETF-Announce <ietf-announce@ietf.org>
>Subject: Last Call: <draft-ietf-ipfix-mib-variable-export-09.txt> (Exporting MIB Variables using the IPFIX Protocol) to Proposed Standard
...

I think the Security Considerations section needs to be a bit more explicit.
For example, it states:

| However if the exporter is a client of an SNMP engine on the same
|   device it MUST abide by existing SNMP security rules.

A few questions come to mind:

  - just exactly what is meant by "client of an SNMP engine"?

  - in deciding whether a bit of information may be exported to
    a particular entity, how does the IPFIX implementation decide
    what VACM user name would correspond to that entity, in order
    to abide by SNMP security rules?

  - if the VACM configuration specifies that a given piece of information
    is to be communicated only by secure means (e.g. auth/priv using
    a particular algorithm) how does the IPFIX implementation honor
    that commitment in forwarding the information without subverting
    the keystore?

  - in granting IPFIX access to the information, should VACM be using
    the read view or the notify view?

Randy