Re: [secdir] SecDir review of draft-ietf-netlmm-pmipv6-mib-05
"Glenn M. Keeni" <glenn@cysols.com> Wed, 13 April 2011 06:42 UTC
Return-Path: <glenn@cysols.com>
X-Original-To: secdir@ietfc.amsl.com
Delivered-To: secdir@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id AF21CE06EC; Tue, 12 Apr 2011 23:42:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.11
X-Spam-Level: *
X-Spam-Status: No, score=1.11 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_JP=1.244, HOST_EQ_JP=1.265, J_CHICKENPOX_46=0.6, J_CHICKENPOX_53=0.6]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QBbo7V7FR-EI; Tue, 12 Apr 2011 23:42:24 -0700 (PDT)
Received: from niseko.cysol.co.jp (niseko.cysol.co.jp [210.233.3.236]) by ietfc.amsl.com (Postfix) with ESMTP id 99642E06D1; Tue, 12 Apr 2011 23:42:23 -0700 (PDT)
Received: from [192.168.0.193] (cookie.win2004.cysol.co.jp [192.168.0.193]) (authenticated bits=0) by aso.priv.cysol.co.jp (8.14.4/8.14.4) with ESMTP id p3D6gIaq088424 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Wed, 13 Apr 2011 15:42:20 +0900 (JST) (envelope-from glenn@cysols.com)
Message-ID: <4DA545C5.4050708@cysols.com>
Date: Wed, 13 Apr 2011 15:42:13 +0900
From: "Glenn M. Keeni" <glenn@cysols.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ja; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: Vincent Roca <vincent.roca@inrialpes.fr>
References: <A76FCDEF-42DA-421B-95F1-202A076682C4@inrialpes.fr>
In-Reply-To: <A76FCDEF-42DA-421B-95F1-202A076682C4@inrialpes.fr>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Tue, 19 Apr 2011 10:19:34 -0700
Cc: draft-ietf-netlmm-pmipv6-mib.all@tools.ietf.org, IESG <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] SecDir review of draft-ietf-netlmm-pmipv6-mib-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Apr 2011 06:42:24 -0000
Hi, Thanks for the review. The response follows. > ** What about the completeness of the two lists provided in > section 6? > For instance the MIB defines the pmip6Capabilities object with > attribute MAX-ACCESS read-only (see p. 13). However this object > is not listed in the security considerations sections. Is it > a mistake? If yes, then does anything miss (I didn't check)? This is not a mistake. Since it is read only, its value cannot be changed by an attacker. And, revealing the capabilities cannot be as harmful as other objects e.g. pmip6Status. [ I will agree that a miscreant may want to physically destroy all objects that have LMA and or MAG capabilities in order to shutdown a PMIPv6 network. The pmip6Capabilities object may be misused in that manner. But that is a generic argument, and holds for ALL the PMIPv6MIB objects.] So, we have not listed this object as one which is "particularly sensitive and/or private". The generic risk aspects are covered in the last paragraph of the security considerations section [copied from the boilerplate]. The 2 lists are complete to our knowledge. Please let us know if there are any risks/vulnerabilities that are worth mentioning. The remaining comments relate to the boilerplate which we have followed to the dot. Cheers, Glenn > (2011/04/11 22:50), Vincent Roca wrote: > Hello, > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > > Globally, the "Security Considerations" section is well > written and provides details for the associated risks. > It clearly RECOMMENDs the use of SNMPv3, which should not come > as a surprise given the risks associated to previous versions. > This "Security Considerations" section is globally similar > to that of RFC4295 (MIPv6 MIB). > > A few comments: > > ** What about the completeness of the two lists provided in > section 6? > For instance the MIB defines the pmip6Capabilities object with > attribute MAX-ACCESS read-only (see p. 13). However this object > is not listed in the security considerations sections. Is it > a mistake? If yes, then does anything miss (I didn't check)? > > > ** Clarification needed: > It is said: > "Even if the network itself is secure (for example by using IPsec), > even then, there is no control as to who on the secure network is > allowed to access and GET/SET (read/change/create/delete) the objects > in this MIB module." > I'm rather surprised that no ACL (or similar) functionality > be available. If IPsec is enabled, then hosts are authenticated > (using one of several techniques) and it's no longer a big deal > to check the authorizations associated to the peer. So that's > surprising. > > BTW, you can maybe remove the redundant "even then," in above > sentence. > > > ** Wrong reference: > It is said: > "It is RECOMMENDED that implementers consider the security features as > provided by the SNMPv3 framework (see [RFC3410], section 8) [...]" > Section is not the section of interest as it only focuses > on the standardization status. More interesting sections in RFC3410 > are: > - section 6.3 "SNMPv3 security and administration", and in particular > - section 7, in particular section 7.8 "user based security model". > > NB: RFC3410 is from Dec 2002. At that time using MD5/DES was not an > issue, now it is. The last sentence of RFC3410/section 7.8 mentions > on-going work on using AES in the user-based security model. If this > work gave birth to an RFC, that's probably a good document to refer > too. > > > ** Obscur: > The last sentence of this section: > "It is then a customer/operator... them." > could easily be improved (split the sentence, please). As such it > remains rather obscure. > > > I hope this is useful. > Cheers, > > Vincent
- [secdir] SecDir review of draft-ietf-netlmm-pmipv… Vincent Roca
- Re: [secdir] SecDir review of draft-ietf-netlmm-p… Juergen Schoenwaelder
- Re: [secdir] SecDir review of draft-ietf-netlmm-p… Vincent Roca
- Re: [secdir] SecDir review of draft-ietf-netlmm-p… Jari Arkko
- Re: [secdir] SecDir review of draft-ietf-netlmm-p… Sri Gundavelli
- Re: [secdir] SecDir review of draft-ietf-netlmm-p… Vincent Roca
- Re: [secdir] SecDir review of draft-ietf-netlmm-p… Glenn M. Keeni