Re: [secdir] SECDIR review of draft-ietf-eman-energy-aware-mib-15

Stephen Kent <> Thu, 26 June 2014 16:58 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 15EC11B2C13 for <>; Thu, 26 Jun 2014 09:58:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.852
X-Spam-Status: No, score=-4.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id b7lAoXkPpCZn for <>; Thu, 26 Jun 2014 09:58:26 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B66491B2EF6 for <>; Thu, 26 Jun 2014 09:44:09 -0700 (PDT)
Received: from ([]:55436 helo=COMSEC.local) by with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <>) id 1X0CmK-0006vf-K7; Thu, 26 Jun 2014 12:44:05 -0400
Message-ID: <>
Date: Thu, 26 Jun 2014 12:44:00 -0400
From: Stephen Kent <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: secdir <>,,,,,, joel jaeggli <>
References: <> <20140624204718.GB19710@elstar.local>
In-Reply-To: <20140624204718.GB19710@elstar.local>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [secdir] SECDIR review of draft-ietf-eman-energy-aware-mib-15
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 26 Jun 2014 16:58:28 -0000


I read the boilerplate you cited.

The comment re IPsec is misleading, for the reasons I noted in my review.
This is the first MIB I-D I've reviewed. I would have pointed out the 
with that text earlier had I reviewed a MIB earlier :-).

With the publication of RFC 7258 as a BCP its seems appropriate to revisit
the boilerplate when discussing confidentiality and use of encryption. 
my suggestion that use of encryption be RECOMMENDED.

Since the subject of this MIB is energy management, I think that my 
comments about
the potential adverse impacts of security lapses for these MIBs are 
relevant. This
is outside the generic context for which the boilerplate was developed.

Finally, the boilerplate does not seem to use the same language as the 
text at the end
of the SC, e.g., I don't see the word "consider" in the boilerplate. The 
mix of advice dealing
with implementation vs. deployment still strikes me as confusing, as 
written. I think the
boilerplate text is better in this respect, and should be used as a 
starting point for
the last part of the SC in this I-D (tailored as needed).