Re: [secdir] SECDIR review of draft-ietf-eman-energy-aware-mib-15
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Tue, 24 June 2014 20:47 UTC
Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 699C21B2827 for <secdir@ietfa.amsl.com>; Tue, 24 Jun 2014 13:47:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.201
X-Spam-Level:
X-Spam-Status: No, score=-2.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fbkn9AEtktrl for <secdir@ietfa.amsl.com>; Tue, 24 Jun 2014 13:47:32 -0700 (PDT)
Received: from atlas3.jacobs-university.de (atlas3.jacobs-university.de [212.201.44.18]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1CBA1B27ED for <secdir@ietf.org>; Tue, 24 Jun 2014 13:47:25 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas3.jacobs-university.de (Postfix) with ESMTP id C4C97F5A; Tue, 24 Jun 2014 22:47:23 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas3.jacobs-university.de ([10.70.0.220]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10030) with ESMTP id 8Yq6WIkuBnDW; Tue, 24 Jun 2014 22:47:14 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "Jacobs University CA - G01" (verified OK)) by atlas3.jacobs-university.de (Postfix) with ESMTPS; Tue, 24 Jun 2014 22:47:22 +0200 (CEST)
Received: from localhost (demetrius4.jacobs-university.de [212.201.44.49]) by hermes.jacobs-university.de (Postfix) with ESMTP id 0974A2003A; Tue, 24 Jun 2014 22:47:22 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius4.jacobs-university.de [212.201.44.32]) (amavisd-new, port 10024) with ESMTP id tBeLXqewSQ6K; Tue, 24 Jun 2014 22:47:20 +0200 (CEST)
Received: from elstar.local (elstar.jacobs.jacobs-university.de [10.50.231.133]) by hermes.jacobs-university.de (Postfix) with ESMTP id 2C9D720039; Tue, 24 Jun 2014 22:47:19 +0200 (CEST)
Received: by elstar.local (Postfix, from userid 501) id 63B4C2D9659F; Tue, 24 Jun 2014 22:47:19 +0200 (CEST)
Date: Tue, 24 Jun 2014 22:47:19 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Stephen Kent <kent@bbn.com>
Message-ID: <20140624204718.GB19710@elstar.local>
Mail-Followup-To: Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, bclaise@cisco.com, jparello@cisco.com, moulchan@cisco.com, n.brownlee@auckland.ac.nz, tnadeau@lucidvision.com, joel jaeggli <joelja@bogus.com>
References: <53A99DB2.5050707@bbn.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <53A99DB2.5050707@bbn.com>
User-Agent: Mutt/1.4.2.3i
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/NXsV74tNywKlVXlgQOOHIb5eObY
Cc: tnadeau@lucidvision.com, secdir <secdir@ietf.org>, joel jaeggli <joelja@bogus.com>, jparello@cisco.com, n.brownlee@auckland.ac.nz, bclaise@cisco.com, moulchan@cisco.com
Subject: Re: [secdir] SECDIR review of draft-ietf-eman-energy-aware-mib-15
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jun 2014 20:47:35 -0000
Hi, there is a security boilerplate that we are following. http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security If you think this is not appropriate anymore, we need to have a discussion to update the boilerplate instead of debating specific MIB modules. Note that this topic comes up periodically - usually without much changes to the boilerplate at the end. Lets see the result this time. ;-) /js On Tue, Jun 24, 2014 at 11:48:02AM -0400, Stephen Kent wrote: > I reviewed this document as part of the security directorate's ongoing > effort to review all IETF documents being processed by the IESG.These > comments were written primarily for the benefit of the security area > directors.Document editors and WG chairs should treat these comments > just like any other last call comments. Since I am not a MIB expert, my > comments are strictly related to the security-relevant aspects of this > document. > > This document, as its name implies, defines a MIB for energy management > devices. Given increasing concern over security in the so-called > "cyber-physical" realm, a MIB for such devices clearly merits scrutiny. > Also, to the extent that such devices (e.g., meters) might be associated > with residences, there are personal privacy issues that ought to be > addressed, in the PERPASS era. > > The document is clearly written; my compliments to the authors in that > regard. The one odd thing I noted was that Sections 11.1 and 11.2 appear > between Sections 6 and 7! I think this was a cut and paste error that is > easily remedied. > > The Security Considerations section (7) is about one-half page in > length. I have several concerns with the text here. > > First, the text says "It is thus important to control even GET and/or > NOTIFY access to these objects and possibly to even encrypt the values > of these objects when sending them over the network via SNMP." This > seems to be an understatement. I'd like to see the text here RECOMMEND > use of encryption to provide confidentiality. This would be supportive > of personal privacy, in residential contexts, and physical security in > residential and enterprise settings. I can imagine a movie in which > burglars use a lack of encryption to gain critical information about > building infrastructure from a an energy MIB J. > > The text later says "There are a number of management objects defined in > these MIB modules with a MAX-ACCESS clause of read-write and/or > read-create.Such objects MAY be considered sensitive or vulnerable in > some network environments.The support for SET operations in a non-secure > environment without proper protection can have a negative effect on > network operations. Again, this strikes me as a significant > understatement, i.e., the scope of the "negative effect" could be much > broader that just a network. (Power outlets are cited as examples of > objects, so anything plugged into an outlet could be effected, right?) > There should be more emphasis on the need for access control. > > The text later says "SNMP versions prior to SNMPv3 did not include > adequate security. Even if the network itself is secure (for example, by > using IPsec), there is still no secure control over who on the secure > network is allowed to access and GET/SET (read/change/create/delete) the > objects in these MIB modules." This is a misleading. IPsec natively > provides access control. It would be accurate to say that the access > controls offered by IPsec would only limit who could access the MIB. > What the authors seem to suggest here is finer-grained access control, > so that one can manage GET/SET privileges for the set of individuals who > are authorized to connect to the MIB via the SMTP port, right? > > The text discussing use of SNMPv3 security is a bit confusing. > > It RECOMMENDS that implementers "consider" SMNPv3 security features, but > then says deployment of SNMP versions prior to v3 is NOT RECOMMENDED. > The first paragraph discussing this topic deals with thinking about > support (vs. use) of SNMPv3, while the second paragraph makes a much > stronger statement about deployment. It would be more consistent to > mandate support (MUST or SHOULD) for SNMPv3 in entities that incorporate > this MIB. Separately the document can RECOMMEND enabling SNMPv3 security > features in deployments, for the reasons cited. > _______________________________________________ > secdir mailing list > secdir@ietf.org > https://www.ietf.org/mailman/listinfo/secdir > wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany Fax: +49 421 200 3103 <http://www.jacobs-university.de/>
- [secdir] SECDIR review of draft-ietf-eman-energy-… Stephen Kent
- Re: [secdir] SECDIR review of draft-ietf-eman-ene… Juergen Schoenwaelder
- Re: [secdir] SECDIR review of draft-ietf-eman-ene… Stephen Kent
- Re: [secdir] SECDIR review of draft-ietf-eman-ene… Benoit Claise
- Re: [secdir] SECDIR review of draft-ietf-eman-ene… Benoit Claise