Re: [MIB-DOCTORS] Change the boilerplate - Kathleen'DISCUSS point 2
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 10 July 2014 13:56 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: mib-doctors@ietfa.amsl.com
Delivered-To: mib-doctors@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 269E41A03EF for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 06:56:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DIh2G1uRDDAm for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 06:55:58 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 635811A03A4 for <mib-doctors@ietf.org>; Thu, 10 Jul 2014 06:55:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 481B2BDFE; Thu, 10 Jul 2014 14:55:56 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 032nGNV-KSDz; Thu, 10 Jul 2014 14:55:54 +0100 (IST)
Received: from [10.87.48.9] (unknown [86.46.20.156]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 1285FBE14; Thu, 10 Jul 2014 14:55:53 +0100 (IST)
Message-ID: <53BE9B68.1010509@cs.tcd.ie>
Date: Thu, 10 Jul 2014 14:55:52 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Benoit Claise <bclaise@cisco.com>, "Thomas D. Nadeau" <tnadeau@lucidvision.com>, "Bert Wijnen (IETF)" <bertietf@bwijnen.net>
References: <CFE17DDA.458C3%alissa@cooperw.in> <53BC5081.6090809@cisco.com> <53BD6690.2040102@cisco.com> <53BE3D7E.2090302@bwijnen.net> <35D0B6EE-BEC2-44EB-869B-CBE462FE3CAB@lucidvision.com> <53BE9A98.8020805@cisco.com>
In-Reply-To: <53BE9A98.8020805@cisco.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/mib-doctors/NvvLoAmPq-9p8r9__3Iy94-yqso
Cc: "MIB Doctors (E-mail)" <mib-doctors@ietf.org>, Alissa Cooper <alissa@cooperw.in>, sec-ads@tools.ietf.org, Farrel Adrian <adrian@olddog.co.uk>
Subject: Re: [MIB-DOCTORS] Change the boilerplate - Kathleen'DISCUSS point 2
X-BeenThere: mib-doctors@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: MIB Doctors list <mib-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mib-doctors/>
List-Post: <mailto:mib-doctors@ietf.org>
List-Help: <mailto:mib-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jul 2014 13:56:01 -0000
On 10/07/14 14:52, Benoit Claise wrote: > Dear all, > > Let's try to address one point at a time, and get closure one by one. > https://datatracker.ietf.org/doc/draft-ietf-eman-energy-aware-mib/ballot/#kathleen-moriarty > > > Kathleen proposes: > OLD: > > "The > support for SET operations in a non-secure environment without proper > protection can have a negative effect on network operations." > > NEW: > > "The > support for SET operations in a non-secure environment without proper > protection can have a negative effect on network operations or leave > cyber physical devices used by individuals, homes, and business > vulnerable to attack." > > > I believe this new proposal makes sense. Does anybody object? s/cyber physical// or replace it with something that does not use the word cyber which is utterly laden with marketing and other BS IMO. (Apologies to those of you who partly make a living from such, which I do understand, but don't have to do:-) I think we should avoid including such non-technical terms in things like this. (Think "cloud":-) S. > > Regards, Benoit > >> On Jul 10, 2014:3:15 AM, at 3:15 AM, Bert Wijnen (IETF) >> <bertietf@bwijnen.net> wrote: >> >>> it is always interesting to see that when we get new ADs that we must >>> rediscuss this whole topic. >> This is precisely one of the things that is broken about the IETF >> these days, if you ask me: the re-re-re-discussion of topics at the >> 11:59th hour of a document's progress through the gauntlet. >> >>> But yes, there are/were implementations/deployments where one uses >>> dedicated (secure) networks >>> for the network management systems, and so that would work under a >>> SHOULD. >> I agree. Not all network operators use a secure management >> network, but many do. >> >>> I do not recall if that was/is the only reason why we agreed on a >>> SHOULD instead of MUST. >> I don't think you can do a MUST here; not everyone uses v3 - in >> fact, I think if you poll implementations you'll find VERY FEW using v3. >> >> --Tom >> >> >> >>> Bert >>> >>> On 09/07/14 17:58, Benoit Claise wrote: >>>> MIB doctors, >>>> >>>> Let me focus the discussion a little bit. >>>> Alissa refers to this sentence in the boilerplate at >>>> http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security >>>> >>>> Implementations SHOULD provide the security features >>>> described by the >>>> SNMPv3 framework (see [RFC3410]), and implementations >>>> claiming compliance >>>> to the SNMPv3 standard MUST include full support for >>>> authentication and >>>> privacy via the User-based Security Model (USM) [RFC3414] >>>> with the AES >>>> cipher algorithm [RFC3826]. >>>> >>>> >>>> Alissa's feedback is: >>>> >>>> It is a little disconcerting that use of SNMPv3 is provided as a >>>> SHOULD-level requirement without discussion of deployment >>>> scenarios and regardless of the sensitivity of the data being >>>> made available by any new MIB. For example, the tradeoffs between >>>> security and utility might be reasonable if (1) I’m using an >>>> older SNMP version on my closed home network to monitor my own >>>> energy use, but not if (2) my ISP is using it to monitor the >>>> same thing. The text quoted above basically endorses unauthorized >>>> energy monitoring if the provider does not support SNMPv3, >>>> whereas it seems like what we would want to be saying is that in >>>> cases like (2) SNMPv3 is required. >>>> >>>> Can one of the old timers (who was part of the discussion) explain >>>> the SHOULD rational? Personally, I can see two use cases in favor >>>> off the SHOULD: an older SNMP version in a closed network, or a >>>> private data communication network dedicated to network management >>>> with special protection out of SNMP (like encrypted tunnel) >>>> >>>> Should we now modify this sentence to say? >>>> >>>> MUST provide the security features described by the >>>> SNMPv3 framework (see [RFC3410]) >>>> >>>> Regards, Benoit >>>> >>>>> MIB doctors, >>>>> >>>>> It seems that the "Security Guidelines for IETF MIB modules" >>>>> receives comment for each MIB module submitted to the IESG. >>>>> Is it time to modify it, or are we redoing the same discussions >>>>> over and over? >>>>> >>>>> Regards, Benoit >>>>> >>>>> >>>>> -------- Original Message -------- >>>>> Subject: Re: Alissa Cooper's Discuss on >>>>> draft-ietf-eman-energy-monitoring-mib-12: (with DISCUSS and COMMENT) >>>>> Date: Tue, 8 Jul 2014 13:02:50 -0700 >>>>> From: Alissa Cooper <alissa@cooperw.in> >>>>> To: Benoit Claise <bclaise@cisco.com>, The IESG <iesg@ietf.org> >>>>> CC: <draft-ietf-eman-energy-monitoring-mib@tools.ietf.org>, >>>>> <eman-chairs@tools.ietf.org> >>>>> >>>>> >>>>> >>>>> Hi Benoit, >>>>> >>>>> On 7/8/14, 1:44 AM, "Benoit Claise" <bclaise@cisco.com >>>>> <mailto:bclaise@cisco.com>> wrote: >>>>> >>>>> Hi Alissa, >>>>> >>>>> Thanks for your review. >>>>>> Alissa Cooper has entered the following ballot position for >>>>>> draft-ietf-eman-energy-monitoring-mib-12: Discuss >>>>>> >>>>>> When responding, please keep the subject line intact and reply >>>>>> to all >>>>>> email addresses included in the To and CC lines. (Feel free to >>>>>> cut this >>>>>> introductory paragraph, however.) >>>>>> >>>>>> >>>>>> Please refer >>>>>> tohttp://www.ietf.org/iesg/statement/discuss-criteria.html >>>>>> for more information about IESG DISCUSS and COMMENT positions. >>>>>> >>>>>> >>>>>> The document, along with other ballot positions, can be found >>>>>> here: >>>>>> >>>>>> http://datatracker.ietf.org/doc/draft-ietf-eman-energy-monitoring-mib/ >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>> >>>>>> DISCUSS: >>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>> >>>>>> >>>>>> Section 11 is missing a discussion of the privacy >>>>>> considerations of >>>>>> energy and power monitoring. I would suggest something along >>>>>> the lines of >>>>>> the following: >>>>>> >>>>>> "In certain situations, energy and power monitoring can reveal >>>>>> sensitive >>>>>> information about individuals' activities and habits. >>>>>> Implementors of >>>>>> this specification should use appropriate privacy protections as >>>>>> discussed in Section 9 of RFC 6988 and monitoring of >>>>>> individuals and >>>>>> homes should only occur with proper authorization." >>>>> Regarding your first sentence, I propose the following text, >>>>> which would be in line with Security Guidelines for IETF MIB >>>>> modules at >>>>> http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security >>>>> >>>>> Some of the readable objects in this MIB module (i.e., >>>>> objects with a >>>>> MAX-ACCESS other than not-accessible) may be considered >>>>> sensitive or >>>>> vulnerable in some network environments. It is thus >>>>> important to >>>>> control even GET and/or NOTIFY access to these objects and >>>>> possibly >>>>> to even encrypt the values of these objects when sending >>>>> them over >>>>> the network via SNMP. These are the tables and objects and >>>>> their >>>>> sensitivity/vulnerability: >>>>> >>>>> Access to the content of the eoPowerStateTable, >>>>> eoEnergyTable, and >>>>> eoACPwrAttributesTable MIB tables can reveal sensitive >>>>> information about individuals' activities and habits >>>>> >>>>> Sounds good to me. >>>>> >>>>> >>>>> Since this document is essentially a MIB module, your last >>>>> sentence is covered by >>>>> >>>>> implementations >>>>> claiming compliance to the SNMPv3 standard MUST >>>>> include full >>>>> support for authentication and privacy via the User-based >>>>> Security Model (USM) [RFC3414 >>>>> <http://tools.ietf.org/html/rfc3414>] with the AES cipher algorithm >>>>> [RFC3826 <http://tools.ietf.org/html/rfc3826>]. >>>>> >>>>> RFC 6988 notes the need for privacy protections for stored data, >>>>> which the above text does not speak to, so I still think a >>>>> reference to RFC 6988 would add value here. >>>>> >>>>> It is a little disconcerting that use of SNMPv3 is provided as a >>>>> SHOULD-level requirement without discussion of deployment >>>>> scenarios and regardless of the sensitivity of the data being made >>>>> available by any new MIB. For example, the tradeoffs between >>>>> security and utility might be reasonable if (1) I’m using an older >>>>> SNMP version on my closed home network to monitor my own energy >>>>> use, but not if (2) my ISP is using it to monitor the same thing. >>>>> The text quoted above basically endorses unauthorized energy >>>>> monitoring if the provider does not support SNMPv3, whereas it >>>>> seems like what we would want to be saying is that in cases like >>>>> (2) SNMPv3 is required. >>>>> >>>>> I understand that this is basically boilerplate language for MIB >>>>> docs, so I’m not sure what can be done, but it seems unfortunate. >>>>> >>>>> Alissa >>>>> >>>>> >>>>> >>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>> >>>>>> COMMENT: >>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>> >>>>>> >>>>>> Section 12.1: >>>>>> "New Assignments (and potential deprecation) to Power State Sets >>>>>> shall be administered by IANA and the guidelines and >>>>>> procedures >>>>>> are specified in [EMAN-FMWK], and will, as a >>>>>> consequence, the >>>>>> IANAPowerStateSet Textual Convention should be updated." >>>>>> >>>>>> Not sure what this sentence means. >>>>> Good catch. >>>>> NEW: >>>>> >>>>> "New Assignments (and potential deprecation) to Power >>>>> State Sets >>>>> shall be administered by IANA and the guidelines and >>>>> procedures >>>>> are specified in [EMAN-FMWK], and will, as a >>>>> consequence, update the >>>>> IANAPowerStateSet Textual Convention." >>>>> >>>>> >>>>> Regards, Benoit (as a document author) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> MIB-DOCTORS mailing list >>>>> MIB-DOCTORS@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/mib-doctors >>>> >>>> >>>> _______________________________________________ >>>> MIB-DOCTORS mailing list >>>> MIB-DOCTORS@ietf.org >>>> https://www.ietf.org/mailman/listinfo/mib-doctors >>>> >>> _______________________________________________ >>> MIB-DOCTORS mailing list >>> MIB-DOCTORS@ietf.org >>> https://www.ietf.org/mailman/listinfo/mib-doctors >>> >
- [MIB-DOCTORS] Fwd: Re: Alissa Cooper's Discuss on… Benoit Claise
- Re: [MIB-DOCTORS] Fwd: Re: Alissa Cooper's Discus… Thomas D. Nadeau
- [MIB-DOCTORS] Change the boilerplate (was: Fwd: R… Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate Bert Wijnen (IETF)
- Re: [MIB-DOCTORS] Change the boilerplate Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate Bert Wijnen (IETF)
- Re: [MIB-DOCTORS] Change the boilerplate Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Change the boilerplate Stephen Farrell
- Re: [MIB-DOCTORS] Change the boilerplate Thomas D. Nadeau
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Stephen Farrell
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Kathleen Moriarty
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Juergen Schoenwaelder
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Juergen Schoenwaelder
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Kathleen Moriarty
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Alissa Cooper
- Re: [MIB-DOCTORS] Change the boilerplate David Harrington
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… ietfdbh
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… ietfdbh
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… ietfdbh
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Kathleen Moriarty