Re: [MIB-DOCTORS] Change the boilerplate - Kathleen'DISCUSS point 2
Benoit Claise <bclaise@cisco.com> Thu, 10 July 2014 13:52 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: mib-doctors@ietfa.amsl.com
Delivered-To: mib-doctors@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 400221B28F1 for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 06:52:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.152
X-Spam-Level:
X-Spam-Status: No, score=-15.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NbqLz5diz63a for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 06:52:29 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C7671A05CB for <mib-doctors@ietf.org>; Thu, 10 Jul 2014 06:52:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10045; q=dns/txt; s=iport; t=1405000348; x=1406209948; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=bdl9hLZvztwpux8tjAGpVMmPYDpmKr2zObeVSgtBDOE=; b=A3sYoauJ4N+5TqvNK+7Z+gLT7J0l+zsuO/OobnzCoyD+oJNSxAJNF1HF KAFsPdmN0iIk5RW53pcsGBo2BkDLdA/mr3Lv4GralUopOLcv8iCHVrOnL Kqz8bgQJKs5ZWxPHL8f6kh5lc2kjZjm9c/HwF4Vo0d4IR8cKQb3901WZh k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnYLAGGZvlOtJssW/2dsb2JhbABZg2C/fAwJhzcBgSF1hAMBAQEDAQEBAS8BBTYKAQUHBAsRAwECAQkWCAcJAwIBAgEVHwkIBgEMAQUCAQEFiDEIDcd0F45iEQECTgcGhD0BBJsAgUiFR40Gg0U7L4EL
X-IronPort-AV: E=Sophos;i="5.01,638,1400025600"; d="scan'208";a="103021439"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP; 10 Jul 2014 13:52:25 +0000
Received: from [10.60.67.84] (ams-bclaise-8913.cisco.com [10.60.67.84]) by aer-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s6ADqOol019740; Thu, 10 Jul 2014 13:52:25 GMT
Message-ID: <53BE9A98.8020805@cisco.com>
Date: Thu, 10 Jul 2014 15:52:24 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "Thomas D. Nadeau" <tnadeau@lucidvision.com>, "Bert Wijnen (IETF)" <bertietf@bwijnen.net>
References: <CFE17DDA.458C3%alissa@cooperw.in> <53BC5081.6090809@cisco.com> <53BD6690.2040102@cisco.com> <53BE3D7E.2090302@bwijnen.net> <35D0B6EE-BEC2-44EB-869B-CBE462FE3CAB@lucidvision.com>
In-Reply-To: <35D0B6EE-BEC2-44EB-869B-CBE462FE3CAB@lucidvision.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/mib-doctors/HmMuoqcbciJFFi78OqYsZ59R9Y4
Cc: "MIB Doctors (E-mail)" <mib-doctors@ietf.org>, Alissa Cooper <alissa@cooperw.in>, sec-ads@tools.ietf.org, Farrel Adrian <adrian@olddog.co.uk>
Subject: Re: [MIB-DOCTORS] Change the boilerplate - Kathleen'DISCUSS point 2
X-BeenThere: mib-doctors@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: MIB Doctors list <mib-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mib-doctors/>
List-Post: <mailto:mib-doctors@ietf.org>
List-Help: <mailto:mib-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jul 2014 13:52:32 -0000
Dear all, Let's try to address one point at a time, and get closure one by one. https://datatracker.ietf.org/doc/draft-ietf-eman-energy-aware-mib/ballot/#kathleen-moriarty Kathleen proposes: OLD: "The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations." NEW: "The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations or leave cyber physical devices used by individuals, homes, and business vulnerable to attack." I believe this new proposal makes sense. Does anybody object? Regards, Benoit > On Jul 10, 2014:3:15 AM, at 3:15 AM, Bert Wijnen (IETF) <bertietf@bwijnen.net> wrote: > >> it is always interesting to see that when we get new ADs that we must rediscuss this whole topic. > This is precisely one of the things that is broken about the IETF these days, if you ask me: the re-re-re-discussion of topics at the 11:59th hour of a document's progress through the gauntlet. > >> But yes, there are/were implementations/deployments where one uses dedicated (secure) networks >> for the network management systems, and so that would work under a SHOULD. > I agree. Not all network operators use a secure management network, but many do. > >> I do not recall if that was/is the only reason why we agreed on a SHOULD instead of MUST. > I don't think you can do a MUST here; not everyone uses v3 - in fact, I think if you poll implementations you'll find VERY FEW using v3. > > --Tom > > > >> Bert >> >> On 09/07/14 17:58, Benoit Claise wrote: >>> MIB doctors, >>> >>> Let me focus the discussion a little bit. >>> Alissa refers to this sentence in the boilerplate at http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security >>> >>> Implementations SHOULD provide the security features described by the >>> SNMPv3 framework (see [RFC3410]), and implementations claiming compliance >>> to the SNMPv3 standard MUST include full support for authentication and >>> privacy via the User-based Security Model (USM) [RFC3414] with the AES >>> cipher algorithm [RFC3826]. >>> >>> >>> Alissa's feedback is: >>> >>> It is a little disconcerting that use of SNMPv3 is provided as a SHOULD-level requirement without discussion of deployment >>> scenarios and regardless of the sensitivity of the data being made available by any new MIB. For example, the tradeoffs between >>> security and utility might be reasonable if (1) I’m using an older SNMP version on my closed home network to monitor my own >>> energy use, but not if (2) my ISP is using it to monitor the same thing. The text quoted above basically endorses unauthorized >>> energy monitoring if the provider does not support SNMPv3, whereas it seems like what we would want to be saying is that in >>> cases like (2) SNMPv3 is required. >>> >>> Can one of the old timers (who was part of the discussion) explain the SHOULD rational? Personally, I can see two use cases in favor >>> off the SHOULD: an older SNMP version in a closed network, or a private data communication network dedicated to network management >>> with special protection out of SNMP (like encrypted tunnel) >>> >>> Should we now modify this sentence to say? >>> >>> MUST provide the security features described by the >>> SNMPv3 framework (see [RFC3410]) >>> >>> Regards, Benoit >>> >>>> MIB doctors, >>>> >>>> It seems that the "Security Guidelines for IETF MIB modules" receives comment for each MIB module submitted to the IESG. >>>> Is it time to modify it, or are we redoing the same discussions over and over? >>>> >>>> Regards, Benoit >>>> >>>> >>>> -------- Original Message -------- >>>> Subject: Re: Alissa Cooper's Discuss on draft-ietf-eman-energy-monitoring-mib-12: (with DISCUSS and COMMENT) >>>> Date: Tue, 8 Jul 2014 13:02:50 -0700 >>>> From: Alissa Cooper <alissa@cooperw.in> >>>> To: Benoit Claise <bclaise@cisco.com>, The IESG <iesg@ietf.org> >>>> CC: <draft-ietf-eman-energy-monitoring-mib@tools.ietf.org>, <eman-chairs@tools.ietf.org> >>>> >>>> >>>> >>>> Hi Benoit, >>>> >>>> On 7/8/14, 1:44 AM, "Benoit Claise" <bclaise@cisco.com <mailto:bclaise@cisco.com>> wrote: >>>> >>>> Hi Alissa, >>>> >>>> Thanks for your review. >>>>> Alissa Cooper has entered the following ballot position for >>>>> draft-ietf-eman-energy-monitoring-mib-12: Discuss >>>>> >>>>> When responding, please keep the subject line intact and reply to all >>>>> email addresses included in the To and CC lines. (Feel free to cut this >>>>> introductory paragraph, however.) >>>>> >>>>> >>>>> Please refer tohttp://www.ietf.org/iesg/statement/discuss-criteria.html >>>>> for more information about IESG DISCUSS and COMMENT positions. >>>>> >>>>> >>>>> The document, along with other ballot positions, can be found here: >>>>> http://datatracker.ietf.org/doc/draft-ietf-eman-energy-monitoring-mib/ >>>>> >>>>> >>>>> >>>>> ---------------------------------------------------------------------- >>>>> DISCUSS: >>>>> ---------------------------------------------------------------------- >>>>> >>>>> Section 11 is missing a discussion of the privacy considerations of >>>>> energy and power monitoring. I would suggest something along the lines of >>>>> the following: >>>>> >>>>> "In certain situations, energy and power monitoring can reveal sensitive >>>>> information about individuals' activities and habits. Implementors of >>>>> this specification should use appropriate privacy protections as >>>>> discussed in Section 9 of RFC 6988 and monitoring of individuals and >>>>> homes should only occur with proper authorization." >>>> Regarding your first sentence, I propose the following text, which would be in line with Security Guidelines for IETF MIB >>>> modules at http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security >>>> >>>> Some of the readable objects in this MIB module (i.e., objects with a >>>> MAX-ACCESS other than not-accessible) may be considered sensitive or >>>> vulnerable in some network environments. It is thus important to >>>> control even GET and/or NOTIFY access to these objects and possibly >>>> to even encrypt the values of these objects when sending them over >>>> the network via SNMP. These are the tables and objects and their >>>> sensitivity/vulnerability: >>>> >>>> Access to the content of the eoPowerStateTable, eoEnergyTable, and >>>> eoACPwrAttributesTable MIB tables can reveal sensitive >>>> information about individuals' activities and habits >>>> >>>> Sounds good to me. >>>> >>>> >>>> Since this document is essentially a MIB module, your last sentence is covered by >>>> >>>> implementations >>>> claiming compliance to the SNMPv3 standard MUST include full >>>> support for authentication and privacy via the User-based >>>> Security Model (USM) [RFC3414 <http://tools.ietf.org/html/rfc3414>] with the AES cipher algorithm >>>> [RFC3826 <http://tools.ietf.org/html/rfc3826>]. >>>> >>>> RFC 6988 notes the need for privacy protections for stored data, which the above text does not speak to, so I still think a >>>> reference to RFC 6988 would add value here. >>>> >>>> It is a little disconcerting that use of SNMPv3 is provided as a SHOULD-level requirement without discussion of deployment >>>> scenarios and regardless of the sensitivity of the data being made available by any new MIB. For example, the tradeoffs between >>>> security and utility might be reasonable if (1) I’m using an older SNMP version on my closed home network to monitor my own energy >>>> use, but not if (2) my ISP is using it to monitor the same thing. The text quoted above basically endorses unauthorized energy >>>> monitoring if the provider does not support SNMPv3, whereas it seems like what we would want to be saying is that in cases like >>>> (2) SNMPv3 is required. >>>> >>>> I understand that this is basically boilerplate language for MIB docs, so I’m not sure what can be done, but it seems unfortunate. >>>> >>>> Alissa >>>> >>>> >>>> >>>>> ---------------------------------------------------------------------- >>>>> COMMENT: >>>>> ---------------------------------------------------------------------- >>>>> >>>>> Section 12.1: >>>>> "New Assignments (and potential deprecation) to Power State Sets >>>>> shall be administered by IANA and the guidelines and procedures >>>>> are specified in [EMAN-FMWK], and will, as a consequence, the >>>>> IANAPowerStateSet Textual Convention should be updated." >>>>> >>>>> Not sure what this sentence means. >>>> Good catch. >>>> NEW: >>>> >>>> "New Assignments (and potential deprecation) to Power State Sets >>>> shall be administered by IANA and the guidelines and procedures >>>> are specified in [EMAN-FMWK], and will, as a consequence, update the >>>> IANAPowerStateSet Textual Convention." >>>> >>>> >>>> Regards, Benoit (as a document author) >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> MIB-DOCTORS mailing list >>>> MIB-DOCTORS@ietf.org >>>> https://www.ietf.org/mailman/listinfo/mib-doctors >>> >>> >>> _______________________________________________ >>> MIB-DOCTORS mailing list >>> MIB-DOCTORS@ietf.org >>> https://www.ietf.org/mailman/listinfo/mib-doctors >>> >> _______________________________________________ >> MIB-DOCTORS mailing list >> MIB-DOCTORS@ietf.org >> https://www.ietf.org/mailman/listinfo/mib-doctors >>
- [MIB-DOCTORS] Fwd: Re: Alissa Cooper's Discuss on… Benoit Claise
- Re: [MIB-DOCTORS] Fwd: Re: Alissa Cooper's Discus… Thomas D. Nadeau
- [MIB-DOCTORS] Change the boilerplate (was: Fwd: R… Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate Bert Wijnen (IETF)
- Re: [MIB-DOCTORS] Change the boilerplate Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate Bert Wijnen (IETF)
- Re: [MIB-DOCTORS] Change the boilerplate Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Change the boilerplate Stephen Farrell
- Re: [MIB-DOCTORS] Change the boilerplate Thomas D. Nadeau
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Stephen Farrell
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Kathleen Moriarty
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Juergen Schoenwaelder
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Juergen Schoenwaelder
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Kathleen Moriarty
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Alissa Cooper
- Re: [MIB-DOCTORS] Change the boilerplate David Harrington
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… ietfdbh
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… ietfdbh
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… ietfdbh
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Kathleen Moriarty