RE: [secdir] secdir review of draft-ietf-dime-priority-avps-04
"David Harrington" <ietfdbh@comcast.net> Wed, 03 August 2011 20:45 UTC
To: carlberg@g11.org.uk, 'Stephen Hanna' <shanna@juniper.net>
Cc: lionel.morand@orange-ftgroup.com, draft-ietf-dime-priority-avps.all@tools.ietf.org, ietf@ietf.org, secdir@ietf.org

Hi,

Documents containing MIB modules must include a discussion of the sensitivity of the tables/objects in the MIB module. This includes the possible impact to the managed technologies that could be caused by an unauthorized or misguided change to a configuration, for example. Certainly the potential impact of using MIB objects to change the relative priority of a managed technology's sessions would need to be included in the read-write security considerations of the MIB module.

See https://svn.tools.ietf.org/area/ops/trac/wiki/mib-security

Using AVPs in Diameter to effect a similar change to the relative priority of a managed technology's sessions warrants a similar consideration of the sensitivity of the specific AVPs.

David Harrington
Director, IETF Transport Area
Member of SECDIR, OPSDIR, and MIB Doctors directorates
ietfdbh@comcast.net (preferred for ietf)
dbharrington@huaweisymantec.com
+1 603 828 1401 (cell)

> -----Original Message-----
> From: secdir-bounces@ietf.org [mailto:secdir-bounces@ietf.org] On Behalf Of carlberg@g11.org.uk
> Sent: Tuesday, July 26, 2011 7:24 AM
> To: Stephen Hanna
> Cc: lionel.morand@orange-ftgroup.com; draft-ietf-dime-priority-avps.all@tools.ietf.org; ietf@ietf.org; secdir@ietf.org
> Subject: Re: [secdir] secdir review of draft-ietf-dime-priority-avps-04
>
> Steve,
>
> Quoting Stephen Hanna <shanna@juniper.net>:
>
> > Thanks for your response, Ken.
> >
> > Removing the last sentence that you quoted would make things worse.
> > Readers of this draft should definitely familiarize themselves with
> > the security considerations related to priority. We should make that
> > easier, not harder. The fact that those considerations also apply to
> > other RFCs does not remove the fact that they apply to this one also.
>
> but those considerations do not directly apply to DIAMETER.
>
> > You cannot publish a document whose security considerations section
> > says (as this one effectively does today), "There are lots of security
> > considerations related to this document. To understand them, please
> > dig through all the referenced documents and figure it out yourself."
> > Doing that digging and analysis is the job of the document editors.
>
> agreed, speaking in the general sense. But again, the security
> considerations of these other protocols do not apply to the operation
> of Diameter.
>
> > In order to ease the burden on you, I think a reasonable compromise
> > would be for YOU to review the documents referenced and decide which
> > have the most relevant security considerations. Then you could list
> > those explicitly in the last paragraph of the Security Considerations.
>
> I'm concerned about the implications of your recommendation. If we
> extend this position to other work in the IETF, then efforts like
> defining MIBs would mean that each MIB draft would need to perform a
> security considerations analysis of each protocol that an object
> refers to in the context of SNMP. And one can extend the argument
> that each protocol operating on top of TCP (and/or UDP) and IP would
> need to perform an analysis on how TCP/UDP and IP may affect the upper
> layer protocol. We don't do that today.
>
> cheers,
>
> -ken
>
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir