[secdir] Secdir review of draft-ietf-storm-ifcpmib-05.txt

Charlie Kaufman <charliek@microsoft.com> Mon, 25 October 2010 03:08 UTC

Return-Path: <charliek@microsoft.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8E7C43A6939; Sun, 24 Oct 2010 20:08:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BfK8FvXiy40E; Sun, 24 Oct 2010 20:07:59 -0700 (PDT)
Received: from smtp.microsoft.com (mailb.microsoft.com [131.107.115.215]) by core3.amsl.com (Postfix) with ESMTP id A517C3A6359; Sun, 24 Oct 2010 20:07:59 -0700 (PDT)
Received: from TK5EX14CASC131.redmond.corp.microsoft.com (157.54.52.38) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Sun, 24 Oct 2010 20:09:36 -0700
Received: from TK5EX14MBXC115.redmond.corp.microsoft.com ([169.254.4.144]) by TK5EX14CASC131.redmond.corp.microsoft.com ([157.54.52.38]) with mapi id 14.01.0255.003; Sun, 24 Oct 2010 20:09:34 -0700
From: Charlie Kaufman <charliek@microsoft.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-ietf-storm-ifcpmib.all@tools.ietf.org" <draft-ietf-storm-ifcpmib.all@tools.ietf.org>
Thread-Topic: Secdir review of draft-ietf-storm-ifcpmib-05.txt
Thread-Index: Actz8JowYxQlgwZRR/S79JDTHWqysQ==
Date: Mon, 25 Oct 2010 03:09:34 +0000
Message-ID: <D80EDFF2AD83E648BD1164257B9B0912243EEB44@TK5EX14MBXC115.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.123.12]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [secdir] Secdir review of draft-ietf-storm-ifcpmib-05.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Oct 2010 03:08:00 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

Writing, interpreting, and reviewing MIB documents is to some degree a specialized art, and I can't claim to give this a thorough technical review. The Security Considerations section of most MIB documents is usually pro forma and not very interesting. This one, however, is exceptional and perhaps should be taken as a model for the Security Considerations sections of other MIB documents. It describes how security sensitive the various values that can be accessed through the MIB are, both with respect to reading them and with respect to updating them. While what fields are going to be sensitive in what way is often going to be scenario dependent, indications of which fields might be sensitive and why (particularly in cases where the explanation is not obvious) would make a helpful commentary.

This document does not say much about the relative sensitivity of various fields (I'm assuming because in this case there isn't much to say).

I found no problems with this document.

	--Charlie