Re: [secdir] SECDIR review of draft-ietf-eman-energy-aware-mib-15

Stephen Kent <kent@bbn.com> Thu, 26 June 2014 16:58 UTC

Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15EC11B2C13 for <secdir@ietfa.amsl.com>; Thu, 26 Jun 2014 09:58:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.852
X-Spam-Level:
X-Spam-Status: No, score=-4.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b7lAoXkPpCZn for <secdir@ietfa.amsl.com>; Thu, 26 Jun 2014 09:58:26 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B66491B2EF6 for <secdir@ietf.org>; Thu, 26 Jun 2014 09:44:09 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:55436 helo=COMSEC.local) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1X0CmK-0006vf-K7; Thu, 26 Jun 2014 12:44:05 -0400
Message-ID: <53AC4DD0.8090100@bbn.com>
Date: Thu, 26 Jun 2014 12:44:00 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: secdir <secdir@ietf.org>, bclaise@cisco.com, jparello@cisco.com, moulchan@cisco.com, n.brownlee@auckland.ac.nz, tnadeau@lucidvision.com, joel jaeggli <joelja@bogus.com>
References: <53A99DB2.5050707@bbn.com> <20140624204718.GB19710@elstar.local>
In-Reply-To: <20140624204718.GB19710@elstar.local>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/2tCZxQX1Nz3NPEvju6kTLSEcC94
Subject: Re: [secdir] SECDIR review of draft-ietf-eman-energy-aware-mib-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 16:58:28 -0000

Juergen,

I read the boilerplate you cited.

The comment re IPsec is misleading, for the reasons I noted in my review.
This is the first MIB I-D I've reviewed. I would have pointed out the 
problems
with that text earlier had I reviewed a MIB earlier :-).

With the publication of RFC 7258 as a BCP its seems appropriate to revisit
the boilerplate when discussing confidentiality and use of encryption. 
Hence
my suggestion that use of encryption be RECOMMENDED.

Since the subject of this MIB is energy management, I think that my 
comments about
the potential adverse impacts of security lapses for these MIBs are 
relevant. This
is outside the generic context for which the boilerplate was developed.

Finally, the boilerplate does not seem to use the same language as the 
text at the end
of the SC, e.g., I don't see the word "consider" in the boilerplate. The 
mix of advice dealing
with implementation vs. deployment still strikes me as confusing, as 
written. I think the
boilerplate text is better in this respect, and should be used as a 
starting point for
the last part of the SC in this I-D (tailored as needed).

Steve