Re: [secdir] secdir review of draft-ietf-pce-pcep-mib-10

"Adrian Farrel" <afarrel@juniper.net> Fri, 24 October 2014 11:55 UTC

From: Adrian Farrel <afarrel@juniper.net>
To: 'Carl Wallace' <carl@redhoundsoftware.com>, draft-ietf-pce-pcep-mib.all@tools.ietf.org
Date: Fri, 24 Oct 2014 12:54:50 +0100
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/Tolk-b-Lze3FZd0CdDUsjyRwzXA
Cc: iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-pce-pcep-mib-10

Sec and Ops ADs...

Could you please interpret this review by Carl in the context of the "best current advice" and boilerplate for MIB modules.

Thanks,
Adrian

> -----Original Message-----
> From: iesg [mailto:iesg-bounces@ietf.org] On Behalf Of Carl Wallace
> Sent: 24 October 2014 12:31
> To: draft-ietf-pce-pcep-mib.all@tools.ietf.org
> Cc: iesg@ietf.org; secdir@ietf.org
> Subject: secdir review of draft-ietf-pce-pcep-mib-10
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments
> just like any other last call comments.
> 
> 
> This document describes a MIB that "describes managed objects for modeling
> of Path Computation Element communications Protocol (PCEP) for
> communications between a Path Computation Client (PCC) and a Path
> Computation Element (PCE), or between two PCEs".
> 
> I am not a MIB guy and did not review the definitions.  The security
> considerations section mostly addresses SNMP-related considerations in
> general via references to other specs.  This seems fine.  The only minor
> nit here is the following:
> 
>     Implementations MUST provide the security features described by the
>     SNMPv3 framework (see [RFC3410]), including full support for
>     authentication and privacy via the User-based Security Model (USM)
>     [RFC3414] with the AES cipher algorithm [RFC3826].
> 
> RFC3410 only defines support for use of CBC-DES.  If support for AES is
> intended instead of DES, that should be noted more strongly here.  The
> requirement for "full support" of RFC3414 could be misinterpreted.