IETF Logo Mail Archive

Re: [MIB-DOCTORS] Change the boilerplate

Benoit Claise <bclaise@cisco.com> Thu, 10 July 2014 07:26 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: mib-doctors@ietfa.amsl.com
Delivered-To: mib-doctors@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F268E1A02E7 for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 00:26:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.152
X-Spam-Level:
X-Spam-Status: No, score=-15.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DH5xvXcE_w5N for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 00:26:20 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AD9D1A0114 for <mib-doctors@ietf.org>; Thu, 10 Jul 2014 00:26:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9160; q=dns/txt; s=iport; t=1404977187; x=1406186787; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=epW7l0vvv6rZas7MjzlNU7bXNT9pVavdo3JnLlHQbL4=; b=D65pRyf9PqPVLiD+iFrBCvKvy9Lh2APvTez3Zw0MnJWIPkMDQtfT0aPe YO7BOn8ocShX60t7AWgwt/5ZACiB9rVYdtTb7rVBLdAWD2rikyV0tGjiT K93mLJFE5d/HGcxRlFaPuyz9PbxwV88Cqy8ereMWYEGXpaB5Wq99XMk1B s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjkJAKU/vlOtJssW/2dsb2JhbABZg2C/dwoJhzYBgR11hAMBAQEDAQEBAS8BBTYKAQUHBAsRAwECAQkWCAcJAwIBAgEVHwkIBgEMAQUCAQEFiDEIDcdWF45aBhEBAiwiBwaEPQEEmniBSIVHjH+DRTsvgQs
X-IronPort-AV: E=Sophos;i="5.01,636,1400025600"; d="scan'208";a="103017424"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP; 10 Jul 2014 07:26:24 +0000
Received: from [10.60.67.84] (ams-bclaise-8913.cisco.com [10.60.67.84]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id s6A7QGsV007823; Thu, 10 Jul 2014 07:26:17 GMT
Message-ID: <53BE4018.8030402@cisco.com>
Date: Thu, 10 Jul 2014 09:26:16 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: "Bert Wijnen (IETF)" <bertietf@bwijnen.net>, "MIB Doctors (E-mail)" <mib-doctors@ietf.org>
References: <CFE17DDA.458C3%alissa@cooperw.in> <53BC5081.6090809@cisco.com> <53BD6690.2040102@cisco.com> <53BE3D7E.2090302@bwijnen.net>
In-Reply-To: <53BE3D7E.2090302@bwijnen.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/mib-doctors/ivf3sSx9E2mL4xgy8omgX6sTtD4
Cc: Adrian Farrel <adrian@olddog.co.uk>, 'Alissa Cooper' <alissa@cooperw.in>, sec-ads@tools.ietf.org
Subject: Re: [MIB-DOCTORS] Change the boilerplate
X-BeenThere: mib-doctors@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: MIB Doctors list <mib-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mib-doctors/>
List-Post: <mailto:mib-doctors@ietf.org>
List-Help: <mailto:mib-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jul 2014 07:26:22 -0000

> it is always interesting to see that when we get new ADs that we must 
> rediscuss this whole topic.
Wait, there is more, two DISCUSSes from Kathleen regarding the 
boilerplate (copied the Security ADs):
http://datatracker.ietf.org/doc/draft-ietf-eman-battery-mib/ballot/#kathleen-moriarty
http://datatracker.ietf.org/doc/draft-ietf-eman-energy-aware-mib/ballot/#kathleen-moriarty

I would like to hear first from you guys before providing my opinion.

Regards, Benoit
>
> But yes, there are/were implementations/deployments where one uses 
> dedicated (secure) networks
> for the network management systems, and so that would work under a 
> SHOULD.
>
> I do not recall if that was/is the only reason why we agreed on a 
> SHOULD instead of MUST.
>
> Bert
>
> On 09/07/14 17:58, Benoit Claise wrote:
>> MIB doctors,
>>
>> Let me focus the discussion a little bit.
>> Alissa refers to this sentence in the boilerplate at 
>> http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security
>>
>>         Implementations SHOULD provide the security features 
>> described by the
>>         SNMPv3 framework (see [RFC3410]), and implementations 
>> claiming compliance
>>         to the SNMPv3 standard MUST include full support for 
>> authentication and
>>         privacy via the User-based Security Model (USM) [RFC3414] 
>> with the AES
>>         cipher algorithm [RFC3826].
>>
>>
>> Alissa's feedback is:
>>
>>     It is a little disconcerting that use of SNMPv3 is provided as a 
>> SHOULD-level requirement without discussion of deployment
>>     scenarios and regardless of the sensitivity of the data being 
>> made available by any new MIB. For example, the tradeoffs between
>>     security and utility might be reasonable if (1) I’m using an 
>> older SNMP version on my closed home network to monitor my own
>>     energy use, but not if (2) my ISP is using it to monitor the same 
>> thing. The text quoted above basically  endorses unauthorized
>>     energy monitoring if the provider does not support SNMPv3, 
>> whereas it seems like what we would want to be saying is that in
>>     cases like (2) SNMPv3 is required.
>>
>> Can one of the old timers (who was part of the discussion) explain 
>> the SHOULD rational? Personally, I can see two use cases in favor
>> off the SHOULD: an older SNMP version in a closed network,  or a 
>> private data communication network dedicated to network management
>> with special protection out of SNMP (like encrypted tunnel)
>>
>> Should we now modify this sentence to say?
>>
>>     MUST provide the security features described by the
>>     SNMPv3 framework (see [RFC3410])
>>
>> Regards, Benoit
>>
>>> MIB doctors,
>>>
>>> It seems that the "Security Guidelines for IETF MIB modules" 
>>> receives comment for each MIB module submitted to the IESG.
>>> Is it time to modify it, or are we redoing the same discussions over 
>>> and over?
>>>
>>> Regards, Benoit
>>>
>>>
>>> -------- Original Message --------
>>> Subject:     Re: Alissa Cooper's Discuss on 
>>> draft-ietf-eman-energy-monitoring-mib-12: (with DISCUSS and COMMENT)
>>> Date:     Tue, 8 Jul 2014 13:02:50 -0700
>>> From:     Alissa Cooper <alissa@cooperw.in>
>>> To:     Benoit Claise <bclaise@cisco.com>, The IESG <iesg@ietf.org>
>>> CC: <draft-ietf-eman-energy-monitoring-mib@tools.ietf.org>, 
>>> <eman-chairs@tools.ietf.org>
>>>
>>>
>>>
>>> Hi Benoit,
>>>
>>> On 7/8/14, 1:44 AM, "Benoit Claise" <bclaise@cisco.com 
>>> <mailto:bclaise@cisco.com>> wrote:
>>>
>>>     Hi Alissa,
>>>
>>>     Thanks for your review.
>>>>     Alissa Cooper has entered the following ballot position for
>>>>     draft-ietf-eman-energy-monitoring-mib-12: Discuss
>>>>
>>>>     When responding, please keep the subject line intact and reply 
>>>> to all
>>>>     email addresses included in the To and CC lines. (Feel free to 
>>>> cut this
>>>>     introductory paragraph, however.)
>>>>
>>>>
>>>>     Please refer 
>>>> tohttp://www.ietf.org/iesg/statement/discuss-criteria.html
>>>>     for more information about IESG DISCUSS and COMMENT positions.
>>>>
>>>>
>>>>     The document, along with other ballot positions, can be found 
>>>> here:
>>>> http://datatracker.ietf.org/doc/draft-ietf-eman-energy-monitoring-mib/
>>>>
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>>     DISCUSS:
>>>> ----------------------------------------------------------------------
>>>>
>>>>     Section 11 is missing a discussion of the privacy 
>>>> considerations of
>>>>     energy and power monitoring. I would suggest something along 
>>>> the lines of
>>>>     the following:
>>>>
>>>>     "In certain situations, energy and power monitoring can reveal 
>>>> sensitive
>>>>     information about individuals' activities and habits. 
>>>> Implementors of
>>>>     this specification should use appropriate privacy protections as
>>>>     discussed in Section 9 of RFC 6988 and monitoring of 
>>>> individuals and
>>>>     homes should only occur with proper authorization."
>>>
>>>     Regarding your first sentence, I propose the following text, 
>>> which would be in line with Security Guidelines for IETF MIB
>>>     modules at 
>>> http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security
>>>
>>>         Some of the readable objects in this MIB module (i.e., 
>>> objects with a
>>>         MAX-ACCESS other than not-accessible) may be considered 
>>> sensitive or
>>>         vulnerable in some network environments.  It is thus 
>>> important to
>>>         control even GET and/or NOTIFY access to these objects and 
>>> possibly
>>>         to even encrypt the values of these objects when sending 
>>> them over
>>>         the network via SNMP.  These are the tables and objects and 
>>> their
>>>         sensitivity/vulnerability:
>>>
>>>         Access to the content of the eoPowerStateTable, 
>>> eoEnergyTable, and
>>>         eoACPwrAttributesTable MIB tables can reveal sensitive
>>>         information about individuals' activities and habits
>>>
>>> Sounds good to me.
>>>
>>>
>>>     Since this document is essentially a MIB module, your last 
>>> sentence is covered by
>>>
>>>              implementations
>>>              claiming compliance to the SNMPv3 standard MUST include 
>>> full
>>>              support for authentication and privacy via the User-based
>>>              Security Model (USM) [RFC3414 
>>> <http://tools.ietf.org/html/rfc3414>] with the AES cipher algorithm
>>>              [RFC3826 <http://tools.ietf.org/html/rfc3826>].
>>>
>>> RFC 6988 notes the need for privacy protections for stored data, 
>>> which the above text does not speak to, so I still think a
>>> reference to RFC 6988 would add value here.
>>>
>>> It is a little disconcerting that use of SNMPv3 is provided as a 
>>> SHOULD-level requirement without discussion of deployment
>>> scenarios and regardless of the sensitivity of the data being made 
>>> available by any new MIB. For example, the tradeoffs between
>>> security and utility might be reasonable if (1) I’m using an older 
>>> SNMP version on my closed home network to monitor my own energy
>>> use, but not if (2) my ISP is using it to monitor the same thing. 
>>> The text quoted above basically  endorses unauthorized energy
>>> monitoring if the provider does not support SNMPv3, whereas it seems 
>>> like what we would want to be saying is that in cases like
>>> (2) SNMPv3 is required.
>>>
>>> I understand that this is basically boilerplate language for MIB 
>>> docs, so I’m not sure what can be done, but it seems unfortunate.
>>>
>>> Alissa
>>>
>>>
>>>
>>>> ----------------------------------------------------------------------
>>>>     COMMENT:
>>>> ----------------------------------------------------------------------
>>>>
>>>>     Section 12.1:
>>>>     "New Assignments (and potential deprecation) to Power State Sets
>>>>              shall be administered by IANA and the guidelines and 
>>>> procedures
>>>>              are specified in [EMAN-FMWK], and will, as a 
>>>> consequence, the
>>>>              IANAPowerStateSet Textual Convention should be updated."
>>>>
>>>>     Not sure what this sentence means.
>>>     Good catch.
>>>     NEW:
>>>
>>>              "New Assignments (and potential deprecation) to Power 
>>> State Sets
>>>              shall be administered by IANA and the guidelines and 
>>> procedures
>>>              are specified in [EMAN-FMWK], and will, as a 
>>> consequence, update the
>>>              IANAPowerStateSet Textual Convention."
>>>
>>>
>>>     Regards, Benoit (as a document author)
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> MIB-DOCTORS mailing list
>>> MIB-DOCTORS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/mib-doctors
>>
>>
>>
>> _______________________________________________
>> MIB-DOCTORS mailing list
>> MIB-DOCTORS@ietf.org
>> https://www.ietf.org/mailman/listinfo/mib-doctors
>>
> .
>

v2.23.0 | Report a Bug | By Email