Re: [secdir] Secdir review of draft-ietf-opsawg-vmm-mib-02
"Christian Huitema" <huitema@huitema.net> Mon, 25 May 2015 00:35 UTC
Return-Path: <huitema@huitema.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 777841A1BEE for <secdir@ietfa.amsl.com>; Sun, 24 May 2015 17:35:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E8qYHBpZoWKr for <secdir@ietfa.amsl.com>; Sun, 24 May 2015 17:35:30 -0700 (PDT)
Received: from xsmtp03.mail2web.com (xsmtp03.mail2web.com [168.144.250.223]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 556BD1A1BE9 for <secdir@ietf.org>; Sun, 24 May 2015 17:35:30 -0700 (PDT)
Received: from [10.5.2.18] (helo=xmail08.myhosting.com) by xsmtp03.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1YwgMX-00010U-3P for secdir@ietf.org; Sun, 24 May 2015 20:35:29 -0400
Received: (qmail 20091 invoked from network); 25 May 2015 00:35:24 -0000
Received: from unknown (HELO huitema1) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail08.myhosting.com (qmail-ldap-1.03) with ESMTPA for <draft-ietf-opsawg-vmm-mib.all@tools.ietf.org>; 25 May 2015 00:35:23 -0000
From: Christian Huitema <huitema@huitema.net>
To: 'Juergen Schoenwaelder' <j.schoenwaelder@jacobs-university.de>
References: <00bb01d08df0$8d92f3f0$a8b8dbd0$@huitema.net> <20150523061335.GA58453@elstar.local>
In-Reply-To: <20150523061335.GA58453@elstar.local>
Date: Sun, 24 May 2015 17:35:22 -0700
Message-ID: <019f01d09682$b04a7950$10df6bf0$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQIE6d1Hpq9LKtM8ftWnX5M6Ol/RpAGIZb20nRbqdEA=
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/9ikwIIFqqzP0nAA-SKC0dP21tfQ>
Cc: draft-ietf-opsawg-vmm-mib.all@tools.ietf.org, 'The IESG' <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-opsawg-vmm-mib-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 May 2015 00:35:34 -0000
Yes, your security section does mention the need to control GET as well. > -----Original Message----- > From: Juergen Schoenwaelder [mailto:j.schoenwaelder@jacobs-university.de] > Sent: Friday, May 22, 2015 11:14 PM > To: Christian Huitema > Cc: 'The IESG'; secdir@ietf.org; draft-ietf-opsawg-vmm-mib.all@tools.ietf.org > Subject: Re: Secdir review of draft-ietf-opsawg-vmm-mib-02 > > Christian, > > thanks for the review. I am not sure if anything needs changes. The > draft largely follows the security considerations template for MIB > modules. And there is explicit text about GET access: > > [...] Moreover, the objects in the vmTable, > vmCpuTable, vmCpuAffinityTable, vmStorageTable and vmNetworkTable > list information about the virtual machines and their virtual > resource allocation. Some may wish not to disclose to others how > many and what virtual machines they are operating. > > It is thus important to control even GET access to these objects and > possibly to even encrypt the values of these object when sending them > over the network via SNMP. Not all versions of SNMP provide features > for such a secure environment. > > Is this text not already covering your concerns? Below the quoted > text, there is the general boilerplate recommendation to avoid SNMPv1 > and to use SNMPv3 instead. The "GET" paragraph feels a bit generic. I would personally be a bit stronger. Something like, "It is NOT RECOMMENDED" to provide access to these variables without using the strong security features of SNMPv3. Of course, this is a generic problem with SNMP, and I understand your desire to use the generic text. But is there a good reason to not recommend v3? I would also mention the specific problem of software running in a virtual machine and accessing the hypervisor's variables. This is an attack vector that is somewhat specific to this MIB. It cannot be mitigated by network firewalls. -- Christian Huitema
- [secdir] Secdir review of draft-ietf-opsawg-vmm-m… Christian Huitema
- Re: [secdir] Secdir review of draft-ietf-opsawg-v… Juergen Schoenwaelder
- Re: [secdir] Secdir review of draft-ietf-opsawg-v… Christian Huitema
- Re: [secdir] Secdir review of draft-ietf-opsawg-v… Juergen Schoenwaelder
- Re: [secdir] Secdir review of draft-ietf-opsawg-v… Michael MacFaden