[secdir] Secdir last call review of draft-ietf-ipsecme-mib-iptfs-05
Ivaylo Petrov <ivaylo@ackl.io> Wed, 12 October 2022 20:34 UTC
From: Ivaylo Petrov <ivaylo@ackl.io>
Date: Wed, 12 Oct 2022 22:34:23 +0200
Message-ID: <CAJFkdRy4rG3Xody0FSU_KXtN4+oi1yexQj54p=7CHP8VihnPNQ@mail.gmail.com>
To: draft-ietf-ipsecme-mib-iptfs.all@ietf.org, secdir@ietf.org, The IESG <iesg@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/UeiaBWoeDeyu-we1YdD2sceSne4>
Subject: [secdir] Secdir last call review of draft-ietf-ipsecme-mib-iptfs-05

Reviewer: Ivaylo Petrov
Review result: Has Nits

Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

When seeing SHOULD, RECOMMEND or MAY in the security considerations, I would always like to see some information about what are possible issues if I don't follow the recommendations or what do I gain by implementing them. My reading of the security considerations section left me wanting more such details specifically in the following paragraphs:

   Implementations SHOULD provide the security features described by the SNMPv3 framework (see [RFC3410]), and implementations claiming compliance to the SNMPv3 standard MUST include full support for authentication and privacy via the User-based Security Model (USM) [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations MAY also provide support for the Transport Security Model (TSM) [RFC5591] in combination with a secure transport such as SSH [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.

Regards,
Ivaylo