Re: [IPsec] AD Review of draft-ietf-ipsecme-mib-iptfs-03

Roman Danyliw <rdd@cert.org> Tue, 20 September 2022 19:25 UTC

To: Don Fedyk <dfedyk@labn.net>, "ipsec@ietf.org WG" <ipsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/-R3Y45XoRzMlO8lQjxWcB7mM42w>

Hi Don!

Thanks for all of the changes. I snipped all of the text where the -04 addressed the issue. A few more comments below.

I'm advancing the document to IETF LC.

> -----Original Message-----
> From: IPsec <ipsec-bounces@ietf.org> On Behalf Of Roman Danyliw
> Sent: Thursday, July 21, 2022 2:27 PM
> To: ipsec@ietf.org WG <ipsec@ietf.org>
> Subject: [IPsec] AD Review of draft-ietf-ipsecme-mib-iptfs-03
>
> ** Section 4.2.  Surround the MIB module with '<CODE BEGINS>' and '<CODE
> ENDS>' lines
> [don] are we doing this anymore? The practice seems to have
> disappeared with YANG.  I don't see this in any MIBs I can add but I don't see an
> example.

I thought that's what we were doing but this is a minor editorial matter that the RFC Editor can help us with at the very end.

> ** Section 6.
>    Further, deployment of SNMP versions prior to SNMPv3 is NOT
>    RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
>    enable cryptographic security.
> 
> Given the IPTFS is new functionality and isn't likely to be added to legacy
> codebases or devices constrained to SNMPv1 is possible, could this read that
> SNMPv3 is required?
> [don] We used the suggested text that was supplied from WG AD review.  I
> think this is kind of boiler plate.

It must have been Ben who provided this feedback during an earlier AD review?

Ah, I see what you mean by boilerplate per https://trac.ietf.org/trac/ops/wiki/mib-security.  It has been a while since I processed a MIB module.

Roman