Re: [secdir] SECDIR review: draft-ietf-ipfix-mib-08

"Thomas Dietz" <Thomas.Dietz@nw.neclab.eu> Wed, 02 December 2009 15:31 UTC

Return-Path: <Thomas.Dietz@nw.neclab.eu>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D574828C1F2; Wed, 2 Dec 2009 07:31:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.705
X-Spam-Level:
X-Spam-Status: No, score=-1.705 tagged_above=-999 required=5 tests=[AWL=0.594, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ticxuVW1hjWv; Wed, 2 Dec 2009 07:31:32 -0800 (PST)
Received: from smtp0.neclab.eu (smtp0.neclab.eu [195.37.70.41]) by core3.amsl.com (Postfix) with ESMTP id C2F5228C1EC; Wed, 2 Dec 2009 07:31:31 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp0.neclab.eu (Postfix) with ESMTP id C20DB2C00C525; Wed, 2 Dec 2009 16:31:23 +0100 (CET)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (atlas2.office)
Received: from smtp0.neclab.eu ([127.0.0.1]) by localhost (atlas2.office [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vcbzstNM7gb7; Wed, 2 Dec 2009 16:31:23 +0100 (CET)
Received: from VENUS.office (mx1.office [192.168.24.3]) by smtp0.neclab.eu (Postfix) with ESMTP id 886CC2C01D45F; Wed, 2 Dec 2009 16:30:48 +0100 (CET)
Content-class: urn:content-classes:message
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 2 Dec 2009 16:30:47 +0100
Content-Type: multipart/signed; boundary="----=_NextPart_000_023E_01CA736C.CD6B3D60"; protocol="application/x-pkcs7-signature"; micalg=SHA1
Message-ID: <547F018265F92642B577B986577D671CF6707E@VENUS.office>
In-Reply-To: <56A9F347-A2C5-41BA-B9AB-03647388ED02@apple.com>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: SECDIR review: draft-ietf-ipfix-mib-08
Thread-Index: AcpzHyyNuD/UrAauRHWctjo88F+DNwARLNbw
References: <56A9F347-A2C5-41BA-B9AB-03647388ED02@apple.com>
From: "Thomas Dietz" <Thomas.Dietz@nw.neclab.eu>
To: =?iso-8859-1?Q?Love_H=F6rnquist_=C5strand?= <lha@apple.com>, <muenz@net.in.tum.de>, <bclaise@cisco.com>, <akoba@nttv6.net>
X-Mailman-Approved-At: Thu, 03 Dec 2009 01:49:46 -0800
Cc: ipfix-chairs@tools.ietf.org, IESG - <iesg@ietf.org>, Security-Directorat Directorat <secdir@ietf.org>
Subject: Re: [secdir] SECDIR review: draft-ietf-ipfix-mib-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2009 15:31:36 -0000

Dear Love,

thank you for your review of our draft. Unfortunately I do not get your
point. The ipfixSelectionProcessTable is well defined in the IPFIX MIB. We
don't see any security implications in exposing the objects defined within
this table. They should not contain any sensitive data. Thus, we did not
explicitly mention this table in the security consideration section. Could
you please explain your concern in greater detail?

Best Regards,

Thomas

-- 
Thomas Dietz                 E-mail: Thomas.Dietz@nw.neclab.eu
NEC Europe Ltd.              Phone:  +49 6221 4342-128
NEC Laboratories Europe      Fax:    +49 6221 4342-155
Network Research Division
Kurfuersten-Anlage 36
69115 Heidelberg, Germany    http://www.nw.neclab.eu

NEC Europe Limited           Registered in England 2832014
Registered Office: NEC House, 1 Victoria Road, London W3 6BL

> -----Original Message-----
> From: Love Hörnquist Åstrand [mailto:lha@apple.com]
> Sent: Mittwoch, 2. Dezember 2009 08:07
> To: muenz@net.in.tum.de; bclaise@cisco.com; akoba@nttv6.net; Thomas
> Dietz
> Cc: IESG -; Security-Directorat Directorat; ipfix-chairs@tools.ietf.org
> Subject: SECDIR review: draft-ietf-ipfix-mib-08
> 
> Hello all,
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> ipfixSelectionProcessTable is left undefined, so it could possibly
> contain parameters that should not be exposed.
> 
> Other then that I didn't find any problems.
> 
> Love
>