Re: [manet] Stephen Farrell's No Objection on draft-ietf-manet-rfc6779bis-06: (with COMMENT)

Ulrich Herberg <ulrich@herberg.name> Thu, 02 June 2016 05:17 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/manet/AdloT0Qi_YB-g-Bu6HTZgBh9Gxw>
Cc: "manet-chairs@ietf.org" <manet-chairs@ietf.org>, "chris.dearlove@baesystems.com" <chris.dearlove@baesystems.com>, "manet@ietf.org" <manet@ietf.org>, "draft-ietf-manet-rfc6779bis@ietf.org" <draft-ietf-manet-rfc6779bis@ietf.org>, The IESG <iesg@ietf.org>

Stephen,

I have no concerns with matching the text to the boilerplate. There
is one extra paragraph in addition to the minimal differences that
Alvaro pointed out:

"MANET technology is often deployed to support communications of
emergency services or military tactical applications. In these
applications, it is imperative to maintain the proper operation of the
communications network and to protect sensitive information related to
its operation. Therefore, it is RECOMMENDED to provide support for the
Transport Security Model (TSM) [RFC5591] in combination with TLS/DTLS
[RFC6353]."

I am fine with removing this also to match the boilerplate 100%.

Best regards
Ulrich

On Wed, Jun 1, 2016 at 12:15 PM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
>
> On 01/06/16 20:04, Alvaro Retana (aretana) wrote:
>> On 6/1/16, 2:21 PM, "iesg on behalf of Stephen Farrell"
>> <iesg-bounces@ietf.org on behalf of
>> stephen.farrell@cs.tcd.ie> wrote:
>>
>> Stephen:
>>
>> Hi!
>>
>>> - The security considerations section doesn't seem to
>>> reflect the latest boilerplate. [2] Should it? I'm not
>>> making this a discuss as it's a minor change to a MIB and
>>> I accept that it's arguable that folks might not update
>>> their SNMP security code whilst doing this. But I don't
>>> think I've seen this case before (minor update to MIB
>>> without changed security boilerplate) so maybe the IESG
>>> should chat about it to decide if there's anything to be
>>> done here.
>>
>> The variations from the boilerplate are minimal:
>
> (But represent some arm-wrestling effort between SEC
> and OPS ads:-)
>
>>
>> Boilerplate>
>>    ...The support for SET operations in a non-secure
>>    environment without proper protection opens devices to attack.
>>
>> ...
>>    Implementations SHOULD provide the security features described by the
>>    SNMPv3 framework (see [RFC3410]), and implementations claiming compliance
>>    to the SNMPv3 standard MUST include full support for authentication and
>>    privacy via the User-based Security Model (USM) [RFC3414] with the AES
>>    cipher algorithm [RFC3826].
>>
>>
>>
>> rfc6779bis>
>>    ...The support for SET operations in a non-secure
>>    environment without proper protection can have a negative effect on
>>    network operations.
>>
>> ...
>>    Implementations MUST provide the security features described by the
>>    SNMPv3 framework (see [RFC3410]), including full support for
>>    authentication and privacy via the User-based Security Model (USM)
>>    [RFC3414] with the AES cipher algorithm [RFC3826].
>>
>>
>> I don't have any issues with making the text match.
>
> Great. Like I said I don't think this is discuss-worthy,
> but OTOH, if someone's updating their code then that is
> a good time to update the security stuff too.
>
> Cheers,
> S.
>
>>
>> Alvaro.
>>
>>
>>
>>>   [2] https://trac.tools.ietf.org/area/ops/trac/wiki/mib-security
>>
>