Gen-ART review of draft-ietf-bfd-mib-17

"Black, David" <> Wed, 16 April 2014 23:31 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id D97341A0410; Wed, 16 Apr 2014 16:31:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.273
X-Spam-Status: No, score=-2.273 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DzgEx2SxbtlP; Wed, 16 Apr 2014 16:31:13 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 27E6A1A040F; Wed, 16 Apr 2014 16:31:12 -0700 (PDT)
Received: from ( []) by (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s3GNV7C1003223 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 16 Apr 2014 19:31:08 -0400
X-DKIM: OpenDKIM Filter v2.4.3 s3GNV7C1003223
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;; s=jan2013; t=1397691068; bh=v3EwX5/iElkqecTL8cKXJGphWVY=; h=From:To:CC:Date:Subject:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=pfeRnmVgmn7BlgDHfYP1Npst+unTEj122jtCF8Fu/TMZeLbg+uoUKnuTYia3agmwO EWzfwTZYp0cTEjSeXczyOxPNC6JEEw486ONQylWX15QvyIh3dsbzYuaBnZnb/gKDhQ P1TPDMXa0ezF81zdRhwGggv8nbUK4y6OVaqhkjmM=
X-DKIM: OpenDKIM Filter v2.4.3 s3GNV7C1003223
Received: from ( []) by (RSA Interceptor); Wed, 16 Apr 2014 16:30:59 -0700
Received: from ( []) by (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s3GNUv2n006543 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 16 Apr 2014 19:30:58 -0400
Received: from ([]) by ([::1]) with mapi; Wed, 16 Apr 2014 19:30:57 -0400
From: "Black, David" <>
To: "" <>, "" <>, "" <>, "General Area Review Team (" <>
Date: Wed, 16 Apr 2014 19:30:56 -0400
Subject: Gen-ART review of draft-ietf-bfd-mib-17
Thread-Topic: Gen-ART review of draft-ietf-bfd-mib-17
Thread-Index: Ac9Zy+Zk0qHspTLsTUq2+7kL82/PpA==
Message-ID: <>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "" <>, "" <>, "Black, David" <>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 16 Apr 2014 23:31:18 -0000

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at


Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-ietf-bfd-mib-17
Reviewer: David L. Black
Review Date: April 16, 2014
IETF LC End Date: April 28, 2014

Summary: This draft is on the right track, but has open issues
		described in the review.

This draft is a MIB module for the BFD protocol, which is an important low-
level routing protocol.  The draft is reasonable for a MIB draft; one needs
to go read the protocol documents to understand how the protocol works, and
significant portions of the text are derived from the usual MIB "boilerplate"
as one would expect.  The "Brief Description of MIB Objects" is indeed
brief, but reasonable.  The shepherd writeup indicates that there are
multiple implementations.

Major issues:

This MIB contains many writable objects, so the authors should
take note of the IESG statement on writable MIB modules:

I did not see this mentioned in the shepherd writeup.  If the OPS Area
has not been consulted, I strongly suggest doing so during IETF Last
Call, e.g., starting with Benoit Claise (AD).

Minor issues:

The security considerations section includes considerations for
unauthorized modification of bfdSessAdminStatus and bfdSessOperStatus,
but omits the corresponding considerations for bfdAdminStatus and
bfdSessNotificationsEnable.  Both of the latter objects are global,
so significant damage can be inflicted via these objects with a
small number of unauthorized modifications, so they need to be
included in the first list of sensitive objects.

I suggest that the authors recheck the entire MIB to ensure that
every object or table that should be included in the security
considerations section is appropriately included.

Also, as a General Variable, would bfdSessNotificationsEnable be better
named bfdNotificationsEnable, as it's not in the BFD Session Table?

I did not see a compliance requirement for a system that only
implements BFD protocol version 0.  That absence should at least be
mentioned somewhere.  For example, if this reflects a considered and
deliberate decision by the WG, that should be mentioned in the

Nits/editorial comments:

In the security considerations for authentication-related objects:

   In order for these sensitive information
   from being improperly accessed, implementers MAY wish to disallow
   access to these objects.
   In order to prevent this sensitive information
   from being improperly accessed, implementers MAY disallow
   access to these objects.

idnits 2.13.01 found a truly minor nit that should be corrected when
the draft is next revised:

  == Outdated reference: A later version (-05) exists of

it also generated a warning that probably does not reflect an actual problem:

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at for more information.)

David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786        Mobile: +1 (978) 394-7754