Re: [MIB-DOCTORS] Change the boilerplate - Alissa's DISCUSS
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 10 July 2014 15:44 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: mib-doctors@ietfa.amsl.com
Delivered-To: mib-doctors@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 008011A043D for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 08:44:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DUg6dWGNhiTf for <mib-doctors@ietfa.amsl.com>; Thu, 10 Jul 2014 08:44:11 -0700 (PDT)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com [IPv6:2a00:1450:4010:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FB241A0385 for <mib-doctors@ietf.org>; Thu, 10 Jul 2014 08:44:09 -0700 (PDT)
Received: by mail-la0-f48.google.com with SMTP id el20so6388312lab.35 for <mib-doctors@ietf.org>; Thu, 10 Jul 2014 08:44:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=of94juMZpznbVP38Sf6URhvaeS5no/3jUyaEsDzCVVU=; b=hiMt11Rc/mSu/w7xVx7RKebIa75nSLwPEOuGKI5YZ55ZMEJMXCLA9Z03mHsMIAS2FW zHthI+YdIDEbyRidXp6Mm23SAAgKHO640F1ANGFNeNPYp5nwNyhO0ImfkEVPg1iHfppj nQa3qaPRvZJZ6OuWRtfk+unrX2WY1b74qcWYSyeTkV1H4wjga2EZgZ2YRz/iS3D70Tb0 5AD0uPP7Lxf7goB2oe7+vjBj9mQ8AFOVy44CM8UCCrKo54hws97g8MTjewp/HIhRHY+e BjrFEWskmWp+ytI398B21A8i7MZVL2sz7m/fjuMu3xlp+ZCT7ESR++IOKXsb+oZJDp0/ OL7Q==
MIME-Version: 1.0
X-Received: by 10.112.149.200 with SMTP id uc8mr4496227lbb.70.1405007047941; Thu, 10 Jul 2014 08:44:07 -0700 (PDT)
Received: by 10.112.253.198 with HTTP; Thu, 10 Jul 2014 08:44:07 -0700 (PDT)
In-Reply-To: <9904FB1B0159DA42B0B887B7FA8119CA5C83D3FD@AZ-FFEXMB04.global.avaya.com>
References: <CFE17DDA.458C3%alissa@cooperw.in> <53BC5081.6090809@cisco.com> <53BD6690.2040102@cisco.com> <53BE3D7E.2090302@bwijnen.net> <9904FB1B0159DA42B0B887B7FA8119CA5C83CC03@AZ-FFEXMB04.global.avaya.com> <53BE9F74.9080705@cisco.com> <20140710151138.GB90581@elstar.local> <CFE3FCE9.45FFF%alissa@cooperw.in> <9904FB1B0159DA42B0B887B7FA8119CA5C83D3FD@AZ-FFEXMB04.global.avaya.com>
Date: Thu, 10 Jul 2014 11:44:07 -0400
Message-ID: <CAHbuEH541FreYCR-BY1r=bjB0OrOX1aAmDOi5N_ym=t8s45JKw@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
Content-Type: multipart/alternative; boundary="047d7b342d74ffe4a104fdd8b187"
Archived-At: http://mailarchive.ietf.org/arch/msg/mib-doctors/mptfl94DDVZeAPD-lqquXBCZztY
Cc: Alissa Cooper <alissa@cooperw.in>, "sec-ads@tools.ietf.org" <sec-ads@tools.ietf.org>, "MIB Doctors (E-mail)" <mib-doctors@ietf.org>, Adrian Farrel <adrian@olddog.co.uk>
Subject: Re: [MIB-DOCTORS] Change the boilerplate - Alissa's DISCUSS
X-BeenThere: mib-doctors@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: MIB Doctors list <mib-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mib-doctors/>
List-Post: <mailto:mib-doctors@ietf.org>
List-Help: <mailto:mib-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jul 2014 15:44:14 -0000
On Thu, Jul 10, 2014 at 11:32 AM, Romascanu, Dan (Dan) <dromasca@avaya.com> wrote: > The way I always understood the boilerplate is that it provided a minimal > mandatory text (and thus a minimal set of advice) for the Security > Considerations sections of the MIB documents. Authors can always add > security related content according to the specific of the work, and this is > what authors have done many times. > > OK, I think the problem we ran into this time is that three drafts have additional considerations that are not covered in the template. In my discuss, I suggested an optional section to be included and was trying some other security considerations to tie it into Alissa's text for IoT, for both privacy and security. I appreciate the addition of text in the template discussed in another thread. Thanks, Kathleen > Regards, > > Dan > > > > -----Original Message----- > > From: Alissa Cooper [mailto:alissa@cooperw.in] > > Sent: Thursday, July 10, 2014 6:28 PM > > To: Juergen Schoenwaelder; Benoit Claise > > Cc: Romascanu, Dan (Dan); Bert Wijnen (IETF); MIB Doctors (E-mail); > Adrian > > Farrel; sec-ads@tools.ietf.org > > Subject: Re: [MIB-DOCTORS] Change the boilerplate - Alissa's DISCUSS > > > > Perhaps rather than re-discussing the boilerplate, we could discuss what > the > > purpose of the boilerplate is. > > > > If the purpose of the boilerplate is to provide text that authors can > look at > > and say, “yes, in the case of this document, the boilerplate fully > covers the > > security considerations of the MIB being specified,” then I think it’s a > great > > thing to have. If the purpose of the boilerplate is to keep any > additional > > security consideration not covered in the boilerplate from being > addressed in > > a MIB document, then it seems overly constricting. > > > > Security considerations change over time. I’m assuming that home/device > > energy monitoring wasn’t really top of mind when SNMP was developed or > > when the boilerplate was originally written. So it’s not surprising that > new > > security issues are arising that aren’t addressed within the > boilerplate. If the > > boilerplate were just a suggestion of text and not a limitation on what > can be > > documented, we could accommodate the changing times fairly easily. > > > > In my original DISCUSS, all I suggested was text that could be provided > in > > addition to the boilerplate: > > > > "In certain situations, energy and power monitoring can reveal sensitive > > information about individuals' activities and habits. Implementors of > this > > specification should use appropriate privacy protections as discussed in > > Section 9 of RFC 6988 and monitoring of individuals and homes should only > > occur with proper authorization.” > > > > I have not had time to look at Stephen’s comments but I agree with him > and > > Bert that adding a special section or extra text to discuss privacy > concerns in > > the IoT-related documents is the right way to go. > > > > Alissa > > > > > > On 7/10/14, 8:11 AM, "Juergen Schoenwaelder" > > <j.schoenwaelder@jacobs-university.de> wrote: > > > > >On Thu, Jul 10, 2014 at 04:13:08PM +0200, Benoit Claise wrote: > > >> Dear all, > > >> > > >> The email below refers to Alissa's DISCUSS See > > >> > > >>http://datatracker.ietf.org/doc/draft-ietf-eman-energy-monitoring-mib/ > > >>bal > > >>lot/#alissa-cooper > > >> > > >> Alissa refers to this sentence in the boilerplate at > > >> http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security > > >> > > >> Implementations SHOULD provide the security features > > >> described by the > > >> SNMPv3 framework (see [RFC3410]), and implementations > > >> claiming compliance > > >> to the SNMPv3 standard MUST include full support for > > >> authentication and > > >> privacy via the User-based Security Model (USM) [RFC3414] > > >> with the AES > > >> cipher algorithm [RFC3826]. > > >> > > >> From the discussion (Dan andBert's feedback, on top of mine) , it > > >> seems that there are valid reasons to keep a SHOULD here in the > > >> generic boilerplate. > > >> > > >> So what next? > > >> - Should we justify the reasons in the boiler plate > > >> - Should we give some freedom in the boilerplate? > > >> > > >> Implementations SHOULD provide the security features > > >> described by the > > >> SNMPv3 framework (see [RFC3410]), and implementations > > >> claiming compliance > > >> to the SNMPv3 standard MUST include full support for > > >> authentication and > > >> privacy via the User-based Security Model (USM) [RFC3414] > > >> with the AES > > >> cipher algorithm [RFC3826]. > > >> > > >> <if there are use cases where a MUST is required, described > > >> them here> > > >> > > >> Now, I hope it will not be abused by Security ADs, requesting a > > >> MUST for every single MIB module. > > >> - Something else? > > >> - Stop writing MIB modules :-) > > >> > > > > > >Do nothing, re-discuss this every other year. ;-) > > > > > >/js > > > > > >-- > > >Juergen Schoenwaelder Jacobs University Bremen gGmbH > > >Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany > > >Fax: +49 421 200 3103 <http://www.jacobs-university.de/> > > > > -- Best regards, Kathleen
- [MIB-DOCTORS] Fwd: Re: Alissa Cooper's Discuss on… Benoit Claise
- Re: [MIB-DOCTORS] Fwd: Re: Alissa Cooper's Discus… Thomas D. Nadeau
- [MIB-DOCTORS] Change the boilerplate (was: Fwd: R… Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate Bert Wijnen (IETF)
- Re: [MIB-DOCTORS] Change the boilerplate Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate Bert Wijnen (IETF)
- Re: [MIB-DOCTORS] Change the boilerplate Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Change the boilerplate Stephen Farrell
- Re: [MIB-DOCTORS] Change the boilerplate Thomas D. Nadeau
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Stephen Farrell
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Benoit Claise
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Kathleen Moriarty
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Juergen Schoenwaelder
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Juergen Schoenwaelder
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Kathleen Moriarty
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… Alissa Cooper
- Re: [MIB-DOCTORS] Change the boilerplate David Harrington
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… ietfdbh
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… ietfdbh
- Re: [MIB-DOCTORS] Change the boilerplate - Alissa… ietfdbh
- Re: [MIB-DOCTORS] Change the boilerplate - Kathle… Kathleen Moriarty