Re: [secdir] Secdir review of draft-ietf-eman-rfc4133bis-06
Benoit Claise <bclaise@cisco.com> Tue, 19 February 2013 21:16 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49C4721F87E4; Tue, 19 Feb 2013 13:16:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.541
X-Spam-Level:
X-Spam-Status: No, score=-10.541 tagged_above=-999 required=5 tests=[AWL=0.058, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id egwi9cLSBnDA; Tue, 19 Feb 2013 13:16:47 -0800 (PST)
Received: from av-tac-bru.cisco.com (weird-brew.cisco.com [144.254.15.118]) by ietfa.amsl.com (Postfix) with ESMTP id F12B821F87E0; Tue, 19 Feb 2013 13:16:46 -0800 (PST)
X-TACSUNS: Virus Scanned
Received: from strange-brew.cisco.com (localhost.cisco.com [127.0.0.1]) by av-tac-bru.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r1JLGj5D024328; Tue, 19 Feb 2013 22:16:45 +0100 (CET)
Received: from [10.60.67.84] (ams-bclaise-8913.cisco.com [10.60.67.84]) by strange-brew.cisco.com (8.13.8+Sun/8.13.8) with ESMTP id r1JLFssS001318; Tue, 19 Feb 2013 22:16:15 +0100 (CET)
Message-ID: <5123EB8A.6030805@cisco.com>
Date: Tue, 19 Feb 2013 22:15:54 +0100
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-Version: 1.0
To: Vincent Roca <vincent.roca@inria.fr>
References: <0F853B07-BBF2-462A-9081-F67DB87BCADA@inria.fr>
In-Reply-To: <0F853B07-BBF2-462A-9081-F67DB87BCADA@inria.fr>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-eman-rfc4133bis.all@tools.ietf.org, IESG <iesg@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-ietf-eman-rfc4133bis-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Feb 2013 21:16:48 -0000
Hi Vincent, Thanks for your review. See in line > Hello, > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > -- > > This document is an update of RFC4311. It therefore inherits, updates > and improves the security considerations section of that RFC. > This section seems well written and accurate. I just have a small comment. > > I see there's a wide range of techniques to secure communication with MIBs. > This document specifies a Mandatory To Implement solution (USM with AES), > mentions a SHOULD support solution (security features of RFC3410), as well > as a MAY support approach (TSM with SSH/TLS).That's a lot. > I imagine there are good reasons (I don't know the SNMP/MIB domain) to do > that... This comes from http://www.ietf.org/iesg/directorate/mib-doctors.html -> http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security Regards, Benoit > > > Cheers, > > Vincent > >
- [secdir] Secdir review of draft-ietf-eman-rfc4133… Vincent Roca
- Re: [secdir] Secdir review of draft-ietf-eman-rfc… Benoit Claise