Re: [secdir] SECDIR review: draft-ietf-ipfix-mib-08

"Thomas Dietz" <Thomas.Dietz@nw.neclab.eu> Wed, 02 December 2009 15:31 UTC

Date: Wed, 02 Dec 2009 16:30:47 +0100
Message-ID: <547F018265F92642B577B986577D671CF6707E@VENUS.office>
In-Reply-To: <56A9F347-A2C5-41BA-B9AB-03647388ED02@apple.com>
References: <56A9F347-A2C5-41BA-B9AB-03647388ED02@apple.com>
From: Thomas Dietz <Thomas.Dietz@nw.neclab.eu>
To: Love Hörnquist Åstrand <lha@apple.com>, muenz@net.in.tum.de, bclaise@cisco.com, akoba@nttv6.net
Cc: ipfix-chairs@tools.ietf.org, IESG - <iesg@ietf.org>, Security-Directorat Directorat <secdir@ietf.org>
Subject: Re: [secdir] SECDIR review: draft-ietf-ipfix-mib-08

Dear Love,

Thank you for your review of our draft. Unfortunately I do not get your
point. The ipfixSelectionProcessTable is well defined in the IPFIX MIB. We
don't see any security implications in exposing the objects defined within
this table. They should not contain any sensitive data. Thus, we did not
explicitly mention this table in the security consideration section. Could
you please explain your concern in greater detail?

Best Regards,

Thomas

-- 
Thomas Dietz                 E-mail: Thomas.Dietz@nw.neclab.eu
NEC Europe Ltd.              Phone:  +49 6221 4342-128
NEC Laboratories Europe      Fax:    +49 6221 4342-155
Network Research Division
Kurfuersten-Anlage 36
69115 Heidelberg, Germany    http://www.nw.neclab.eu

NEC Europe Limited           Registered in England 2832014
Registered Office: NEC House, 1 Victoria Road, London W3 6BL

> -----Original Message-----
> From: Love Hörnquist Åstrand [mailto:lha@apple.com]
> Sent: Mittwoch, 2. Dezember 2009 08:07
> To: muenz@net.in.tum.de; bclaise@cisco.com; akoba@nttv6.net; Thomas
> Dietz
> Cc: IESG -; Security-Directorat Directorat; ipfix-chairs@tools.ietf.org
> Subject: SECDIR review: draft-ietf-ipfix-mib-08
> 
> Hello all,
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> ipfixSelectionProcessTable is left undefined, so it could possibly
> contain parameters that should not be exposed.
> 
> Other than that I didn't find any problems.
> 
> Love
>