IETF Logo Mail Archive

Re: [MIB-DOCTORS] Change the boilerplate

"David Harrington" <dbharrington@comcast.net> Fri, 11 July 2014 03:25 UTC

Return-Path: <dbharrington@comcast.net>
X-Original-To: mib-doctors@ietfa.amsl.com
Delivered-To: mib-doctors@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 237071A0370 for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 20:25:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level:
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JkWyV1vHXdOE for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 20:25:07 -0700 (PDT)
Received: from qmta13.westchester.pa.mail.comcast.net (qmta13.westchester.pa.mail.comcast.net [IPv6:2001:558:fe14:44:76:96:59:243]) by ietfa.amsl.com (Postfix) with ESMTP id 1D4021A0240 for <mib-doctors@ietf.org>; Thu, 10 Jul 2014 20:25:06 -0700 (PDT)
Received: from omta20.westchester.pa.mail.comcast.net ([76.96.62.71]) by qmta13.westchester.pa.mail.comcast.net with comcast id QrMR1o0021YDfWL5DrR6Pc; Fri, 11 Jul 2014 03:25:06 +0000
Received: from JV6RVH1 ([67.189.237.137]) by omta20.westchester.pa.mail.comcast.net with comcast id QrR51o00W2yZEBF3grR55w; Fri, 11 Jul 2014 03:25:06 +0000
From: David Harrington <dbharrington@comcast.net>
To: "'Bert Wijnen (IETF)'" <bertietf@bwijnen.net>, 'Benoit Claise' <bclaise@cisco.com>, "'MIB Doctors (E-mail)'" <mib-doctors@ietf.org>
References: <CFE17DDA.458C3%alissa@cooperw.in> <53BC5081.6090809@cisco.com> <53BD6690.2040102@cisco.com> <53BE3D7E.2090302@bwijnen.net>
In-Reply-To: <53BE3D7E.2090302@bwijnen.net>
Date: Thu, 10 Jul 2014 23:25:04 -0400
Message-ID: <03b401cf9cb7$b534ac30$1f9e0490$@comcast.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFl8rZKGe1/GoUrOyAIbnSi/UNwbgJVJfCQAeLZGl0Bnx6yJJw+zwRg
Content-Language: en-us
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1405049106; bh=Vt39HRCA9s6pJrm6PWj1YRse4pk03APUx7XySG3rh+w=; h=Received:Received:From:To:Subject:Date:Message-ID:MIME-Version: Content-Type; b=UC0l1wSxo+lfVBVsxBpQtBLhwEz742IhnUK5xnRl+BR+KPxJ5V19BRYaZcR8uvlT2 eh53L+di2RgGU69QPB36CkXSSEHc5ynX53fas+sn7YMdBHVEyIuxlzIKpStOQpohP6 TMQTcSra5YKz2pLyJHrnWWacrhKOprDQ+KXcqzXDQGrKy06sauQm+Wjry7j8P5PaZM BHYDDfLo2LBoy+SCAy9Gaw34EDPzpw2junIM/Em+jcErF1nBwIXlj2iAmLUCEh7abu szLzPCyt09SQncLML0/T258gRv72o3HMWqZexRCdQetmU0YsM2vDPCjJajMIP2+sQf h70MWm37uR84w==
Archived-At: http://mailarchive.ietf.org/arch/msg/mib-doctors/bzsPF_Ri9XH2AbeuYWW1qUdsJ7o
Cc: 'Adrian Farrel' <adrian@olddog.co.uk>, 'Alissa Cooper' <alissa@cooperw.in>
Subject: Re: [MIB-DOCTORS] Change the boilerplate
X-BeenThere: mib-doctors@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: MIB Doctors list <mib-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mib-doctors/>
List-Post: <mailto:mib-doctors@ietf.org>
List-Help: <mailto:mib-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Jul 2014 03:25:10 -0000

The design of IETF management is that the data models are separate from the
protocols that carry the data.
This is based on the precedent set by RFC1052, where the IAB made the
deliberate decision to separate them so that the temporary simple protocol
SNMP could be replaced by the more full-featured CMIP when it was ready.

A MIB module might be used with SNMPv3 (the recommended approach), or
SNMPv1/v2 (for secure networks, or at the administrator's discretion for
other reasons).
A MIB module might be used with a newer version of SNMP, such as SNMPv4,
should we ever choose to develop a later version.
A MIB module might also be used with other protocols, such as IPFIX or
Netconf or protocols standardized by other SDOs, and so on, when
appropriate.
A MIB module might also be used with other protocols, such as a proprietary
protocol used within a closed network.
So SHOULD is appropriate. 

David Harrington
dbharrington@comcast.net
+1-603-828-1401
> -----Original Message-----
> From: MIB-DOCTORS [mailto:mib-doctors-bounces@ietf.org] On Behalf Of
> Bert Wijnen (IETF)
> Sent: Thursday, July 10, 2014 3:15 AM
> To: Benoit Claise; MIB Doctors (E-mail)
> Cc: Adrian Farrel; 'Alissa Cooper'
> Subject: Re: [MIB-DOCTORS] Change the boilerplate
> 
> it is always interesting to see that when we get new ADs that we must
> rediscuss this whole topic.
> 
> But yes, there are/were implementations/deployments where one uses
> dedicated (secure) networks
> for the network management systems, and so that would work under a
> SHOULD.
> 
> I do not recall if that was/is the only reason why we agreed on a SHOULD
> instead of MUST.
> 
> Bert
> 
> On 09/07/14 17:58, Benoit Claise wrote:
> > MIB doctors,
> >
> > Let me focus the discussion a little bit.
> > Alissa refers to this sentence in the boilerplate at
> http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security
> >
> >         Implementations SHOULD provide the security features described
by
> the
> >         SNMPv3 framework (see [RFC3410]), and implementations claiming
> compliance
> >         to the SNMPv3 standard MUST include full support for
authentication
> and
> >         privacy via the User-based Security Model (USM) [RFC3414] with
the
> AES
> >         cipher algorithm [RFC3826].
> >
> >
> > Alissa's feedback is:
> >
> >     It is a little disconcerting that use of SNMPv3 is provided as a
SHOULD-
> level requirement without discussion of deployment
> >     scenarios and regardless of the sensitivity of the data being made
> available by any new MIB. For example, the tradeoffs between
> >     security and utility might be reasonable if (1) I'm using an older
SNMP
> version on my closed home network to monitor my own
> >     energy use, but not if (2) my ISP is using it to monitor the same
thing. The
> text quoted above basically  endorses unauthorized
> >     energy monitoring if the provider does not support SNMPv3, whereas
it
> seems like what we would want to be saying is that in
> >     cases like (2) SNMPv3 is required.
> >
> > Can one of the old timers (who was part of the discussion) explain the
> SHOULD rational? Personally, I can see two use cases in favor
> > off the SHOULD: an older SNMP version in a closed network,  or a private
> data communication network dedicated to network management
> > with special protection out of SNMP (like encrypted tunnel)
> >
> > Should we now modify this sentence to say?
> >
> >     MUST provide the security features described by the
> >     SNMPv3 framework (see [RFC3410])
> >
> > Regards, Benoit
> >
> >> MIB doctors,
> >>
> >> It seems that the "Security Guidelines for IETF MIB modules" receives
> comment for each MIB module submitted to the IESG.
> >> Is it time to modify it, or are we redoing the same discussions over
and
> over?
> >>
> >> Regards, Benoit
> >>
> >>
> >> -------- Original Message --------
> >> Subject: 	Re: Alissa Cooper's Discuss on draft-ietf-eman-energy-
> monitoring-mib-12: (with DISCUSS and COMMENT)
> >> Date: 	Tue, 8 Jul 2014 13:02:50 -0700
> >> From: 	Alissa Cooper <alissa@cooperw.in>
> >> To: 	Benoit Claise <bclaise@cisco.com>, The IESG <iesg@ietf.org>
> >> CC: 	<draft-ietf-eman-energy-monitoring-mib@tools.ietf.org>,
<eman-
> chairs@tools.ietf.org>
> >>
> >>
> >>
> >> Hi Benoit,
> >>
> >> On 7/8/14, 1:44 AM, "Benoit Claise" <bclaise@cisco.com
> <mailto:bclaise@cisco.com>> wrote:
> >>
> >>     Hi Alissa,
> >>
> >>     Thanks for your review.
> >>>     Alissa Cooper has entered the following ballot position for
> >>>     draft-ietf-eman-energy-monitoring-mib-12: Discuss
> >>>
> >>>     When responding, please keep the subject line intact and reply to
all
> >>>     email addresses included in the To and CC lines. (Feel free to cut
this
> >>>     introductory paragraph, however.)
> >>>
> >>>
> >>>     Please refer tohttp://www.ietf.org/iesg/statement/discuss-
> criteria.html
> >>>     for more information about IESG DISCUSS and COMMENT positions.
> >>>
> >>>
> >>>     The document, along with other ballot positions, can be found
here:
> >>>     http://datatracker.ietf.org/doc/draft-ietf-eman-energy-monitoring-
> mib/
> >>>
> >>>
> >>>
> >>>
----------------------------------------------------------------------
> >>>     DISCUSS:
> >>>
----------------------------------------------------------------------
> >>>
> >>>     Section 11 is missing a discussion of the privacy considerations
of
> >>>     energy and power monitoring. I would suggest something along the
> lines of
> >>>     the following:
> >>>
> >>>     "In certain situations, energy and power monitoring can reveal
> sensitive
> >>>     information about individuals' activities and habits. Implementors
of
> >>>     this specification should use appropriate privacy protections as
> >>>     discussed in Section 9 of RFC 6988 and monitoring of individuals
and
> >>>     homes should only occur with proper authorization."
> >>
> >>     Regarding your first sentence, I propose the following text, which
would
> be in line with Security Guidelines for IETF MIB
> >>     modules at
http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security
> >>
> >>         Some of the readable objects in this MIB module (i.e., objects
with a
> >>         MAX-ACCESS other than not-accessible) may be considered
sensitive
> or
> >>         vulnerable in some network environments.  It is thus important
to
> >>         control even GET and/or NOTIFY access to these objects and
possibly
> >>         to even encrypt the values of these objects when sending them
over
> >>         the network via SNMP.  These are the tables and objects and
their
> >>         sensitivity/vulnerability:
> >>
> >>         Access to the content of the eoPowerStateTable, eoEnergyTable,
and
> >>         eoACPwrAttributesTable MIB tables can reveal sensitive
> >>         information about individuals' activities and habits
> >>
> >> Sounds good to me.
> >>
> >>
> >>     Since this document is essentially a MIB module, your last sentence
is
> covered by
> >>
> >>              implementations
> >>              claiming compliance to the SNMPv3 standard MUST include
full
> >>              support for authentication and privacy via the User-based
> >>              Security Model (USM) [RFC3414
> <http://tools.ietf.org/html/rfc3414>] with the AES cipher algorithm
> >>              [RFC3826  <http://tools.ietf.org/html/rfc3826>].
> >>
> >> RFC 6988 notes the need for privacy protections for stored data, which
> the above text does not speak to, so I still think a
> >> reference to RFC 6988 would add value here.
> >>
> >> It is a little disconcerting that use of SNMPv3 is provided as a
SHOULD-
> level requirement without discussion of deployment
> >> scenarios and regardless of the sensitivity of the data being made
> available by any new MIB. For example, the tradeoffs between
> >> security and utility might be reasonable if (1) I'm using an older SNMP
> version on my closed home network to monitor my own energy
> >> use, but not if (2) my ISP is using it to monitor the same thing. The
text
> quoted above basically  endorses unauthorized energy
> >> monitoring if the provider does not support SNMPv3, whereas it seems
> like what we would want to be saying is that in cases like
> >> (2) SNMPv3 is required.
> >>
> >> I understand that this is basically boilerplate language for MIB docs,
so I'm
> not sure what can be done, but it seems unfortunate.
> >>
> >> Alissa
> >>
> >>
> >>
> >>>
----------------------------------------------------------------------
> >>>     COMMENT:
> >>>
----------------------------------------------------------------------
> >>>
> >>>     Section 12.1:
> >>>     "New Assignments (and potential deprecation) to Power State Sets
> >>>              shall be administered by IANA and the guidelines and
procedures
> >>>              are specified in [EMAN-FMWK], and will, as a consequence,
the
> >>>              IANAPowerStateSet Textual Convention should be updated."
> >>>
> >>>     Not sure what this sentence means.
> >>     Good catch.
> >>     NEW:
> >>
> >>              "New Assignments (and potential deprecation) to Power
State Sets
> >>              shall be administered by IANA and the guidelines and
procedures
> >>              are specified in [EMAN-FMWK], and will, as a consequence,
update
> the
> >>              IANAPowerStateSet Textual Convention."
> >>
> >>
> >>     Regards, Benoit (as a document author)
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> MIB-DOCTORS mailing list
> >> MIB-DOCTORS@ietf.org
> >> https://www.ietf.org/mailman/listinfo/mib-doctors
> >
> >
> >
> > _______________________________________________
> > MIB-DOCTORS mailing list
> > MIB-DOCTORS@ietf.org
> > https://www.ietf.org/mailman/listinfo/mib-doctors
> >
> 
> _______________________________________________
> MIB-DOCTORS mailing list
> MIB-DOCTORS@ietf.org
> https://www.ietf.org/mailman/listinfo/mib-doctors

v2.23.0 | Report a Bug | By Email