Re: [MIB-DOCTORS] Change the boilerplate - Alissa's DISCUSS
"ietfdbh" <ietfdbh@comcast.net> Fri, 11 July 2014 03:34 UTC
From: ietfdbh <ietfdbh@comcast.net>
To: 'Alissa Cooper' <alissa@cooperw.in>, 'Juergen Schoenwaelder' <j.schoenwaelder@jacobs-university.de>, 'Benoit Claise' <bclaise@cisco.com>
Date: Thu, 10 Jul 2014 23:34:14 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/mib-doctors/2NQF_XPEr_3X67uTTZ4BzgvSD7o
Cc: 'Adrian Farrel' <adrian@olddog.co.uk>, sec-ads@tools.ietf.org, "'MIB Doctors (E-mail)'" <mib-doctors@ietf.org>
"adding a special section or extra text to discuss privacy concerns in the IoT-related documents is the right way to go."

+1

David Harrington
ietfdbh@comcast.net
+1-603-828-1401

> -----Original Message-----
> From: MIB-DOCTORS [mailto:mib-doctors-bounces@ietf.org] On Behalf Of Alissa Cooper
> Sent: Thursday, July 10, 2014 11:28 AM
> To: Juergen Schoenwaelder; Benoit Claise
> Cc: Adrian Farrel; sec-ads@tools.ietf.org; MIB Doctors (E-mail)
> Subject: Re: [MIB-DOCTORS] Change the boilerplate - Alissa's DISCUSS
>
> Perhaps rather than re-discussing the boilerplate, we could discuss what
> the purpose of the boilerplate is.
>
> If the purpose of the boilerplate is to provide text that authors can look
> at and say, “yes, in the case of this document, the boilerplate fully
> covers the security considerations of the MIB being specified,” then I
> think it’s a great thing to have. If the purpose of the boilerplate is to
> keep any additional security consideration not covered in the boilerplate
> from being addressed in a MIB document, then it seems overly constricting.
>
> Security considerations change over time. I’m assuming that home/device
> energy monitoring wasn’t really top of mind when SNMP was developed or
> when the boilerplate was originally written. So it’s not surprising that
> new security issues are arising that aren’t addressed within the
> boilerplate. If the boilerplate were just a suggestion of text and not a
> limitation on what can be documented, we could accommodate the changing
> times fairly easily.
>
> In my original DISCUSS, all I suggested was text that could be provided in
> addition to the boilerplate:
>
> "In certain situations, energy and power monitoring can reveal sensitive
> information about individuals' activities and habits. Implementors of this
> specification should use appropriate privacy protections as discussed in
> Section 9 of RFC 6988 and monitoring of individuals and homes should only
> occur with proper authorization.”
>
> I have not had time to look at Stephen’s comments but I agree with him and
> Bert that adding a special section or extra text to discuss privacy
> concerns in the IoT-related documents is the right way to go.
>
> Alissa
>
>
> On 7/10/14, 8:11 AM, "Juergen Schoenwaelder"
> <j.schoenwaelder@jacobs-university.de> wrote:
>
> >On Thu, Jul 10, 2014 at 04:13:08PM +0200, Benoit Claise wrote:
> >> Dear all,
> >>
> >> The email below refers to Alissa's DISCUSS
> >> See
> >> http://datatracker.ietf.org/doc/draft-ietf-eman-energy-monitoring-mib/ballot/#alissa-cooper
> >>
> >> Alissa refers to this sentence in the boilerplate at
> >> http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security
> >>
> >>     Implementations SHOULD provide the security features described
> >>     by the SNMPv3 framework (see [RFC3410]), and implementations
> >>     claiming compliance to the SNMPv3 standard MUST include full
> >>     support for authentication and privacy via the User-based
> >>     Security Model (USM) [RFC3414] with the AES cipher algorithm
> >>     [RFC3826].
> >>
> >> From the discussion (Dan and Bert's feedback, on top of mine), it seems
> >> that there are valid reasons to keep a SHOULD here in the generic
> >> boilerplate.
> >>
> >> So what next?
> >> - Should we justify the reasons in the boiler plate
> >> - Should we give some freedom in the boilerplate?
> >>
> >>     Implementations SHOULD provide the security features described
> >>     by the SNMPv3 framework (see [RFC3410]), and implementations
> >>     claiming compliance to the SNMPv3 standard MUST include full
> >>     support for authentication and privacy via the User-based
> >>     Security Model (USM) [RFC3414] with the AES cipher algorithm
> >>     [RFC3826].
> >>
> >>     <if there are use cases where a MUST is required, describe
> >>     them here>
> >>
> >>   Now, I hope it will not be abused by Security ADs, requesting a MUST
> >>   for every single MIB module.
> >> - Something else?
> >> - Stop writing MIB modules :-)
> >>
> >
> >Do nothing, re-discuss this every other year. ;-)
> >
> >/js
> >
> >--
> >Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> >Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
> >Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
>
>
> _______________________________________________
> MIB-DOCTORS mailing list
> MIB-DOCTORS@ietf.org
> https://www.ietf.org/mailman/listinfo/mib-doctors