Re: [secdir] secdir review of draft-ietf-pce-pcep-mib-10

"Adrian Farrel" <> Fri, 24 October 2014 11:55 UTC

Sec and Ops ADs...

Could you please interpret this review by Carl in the context of the "best current advice" and boilerplate for MIB modules.


> -----Original Message-----
> From: iesg [] On Behalf Of Carl Wallace
> Sent: 24 October 2014 12:31
> To:
> Cc:;
> Subject: secdir review of draft-ietf-pce-pcep-mib-10
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments
> just like any other last call comments.
>
> This document describes a MIB that "describes managed objects for modeling
> of Path Computation Element communications Protocol (PCEP) for
> communications between a Path Computation Client (PCC) and a Path
> Computation Element (PCE), or between two PCEs".
>
> I am not a MIB guy and did not review the definitions.  The security
> considerations section mostly addresses SNMP related considerations in
> general via references to other specs.  This seems fine.  The only minor
> nit here is the following:
>
> 	Implementations MUST provide the security features described by the
> SNMPv3 framework (see [RFC3410]), including full support for
> authentication and privacy via the User-based Security Model (USM)
> [RFC3414] with the AES cipher algorithm [RFC3826].
>
> RFC3410 only defines support for use of CBC-DES.  If support for AES is
> intended instead of DES, that should be noted more strongly here.  The
> requirement for "full support" of RFC3414 could be misinterpreted.