[secdir] secdir review of draft-ietf-eman-applicability-statement-08

Melinda Shore <melinda.shore@gmail.com> Sun, 30 November 2014 00:02 UTC

Return-Path: <melinda.shore@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 853FA1A0011; Sat, 29 Nov 2014 16:02:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id h13Foeh0V4Hd; Sat, 29 Nov 2014 16:02:28 -0800 (PST)
Received: from mail-pa0-x235.google.com (mail-pa0-x235.google.com [IPv6:2607:f8b0:400e:c03::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F5BC1A0010; Sat, 29 Nov 2014 16:02:25 -0800 (PST)
Received: by mail-pa0-f53.google.com with SMTP id kq14so8621327pab.26 for <multiple recipients>; Sat, 29 Nov 2014 16:02:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :content-type:content-transfer-encoding; bh=dh5G1NnQWKvi4Xeuq/FGWYOMQ2Hf7vv2Ey021oqPuMY=; b=qWfx7mNptS5bsslU1oPq26e/ukS9IL8qYhU0mYJc+VN6U4NTjEVj13aTeYIswxaEeF coTlFMxs9syuznZRyWxhxxIeBFAnyi7kPpza7lWgVqpFqDjsFfKb/wLFGRU9zonrsYR2 ayEhn3PsJ/8OsPjQPJrRHoGuq49M6JAS8LsM/MabOYmVxqbjDO1O7mVnH4LqzMccmXjI 1SRUdUBtz9tdy8y4c1m8Ji6pWoH8pjN3wNeSPVkoKBgWpWhX/e5ieAD0WQ7FlYMJUFBt XpOSoIEo6Xy/fRJ5ypfaJ6whSZgtRrvzTw2KC7GJKVfBiSC11SJh4LDI9LqJ2pLGvoT0 dR8Q==
X-Received: by with SMTP id y14mr84950160pbt.165.1417305744705; Sat, 29 Nov 2014 16:02:24 -0800 (PST)
Received: from spandex.local (209-193-46-232-rb1.sol.dsl.dynamic.acsalaska.net. []) by mx.google.com with ESMTPSA id pg9sm13558239pdb.71.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 29 Nov 2014 16:02:24 -0800 (PST)
Message-ID: <547A5E8E.1070002@gmail.com>
Date: Sat, 29 Nov 2014 15:02:22 -0900
From: Melinda Shore <melinda.shore@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: draft-ietf-eman-applicability-statement.all@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/_BQEy-zebZ6AjU43CKOkGJ80Zrs
Cc: IESG <iesg@ietf.org>, secdir@ietf.org
Subject: [secdir] secdir review of draft-ietf-eman-applicability-statement-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Nov 2014 00:02:31 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: Security considerations section is insufficient.  Otherwise
the document is in pretty good shape (with nits).

This document is essentially a set of use cases guiding the energy
management's (eman) working group's work, as well as providing a
description of the relationship of the IETF's eman's framework to
other relevant energy monitoring standards.

Of particular interest, perhaps, is that eman is using SNMP to convey
energy device information.

The use cases are very clearly described, and we're grateful for
the "essential properties" breakout summaries ("target devices,"
"how powered," and "reporting") at the bottom of each use case.

All that said, I was extremely surprised to get to the "Security
considerations" section and find that it consisted of but two
generic sentences about SNMP.  We are all aware of issues related
to the sensitivity of the electric grid, and powered devices,
to security vulnerabilities and that this is a time of heightened
scrutiny of how the grid is secured.  This necessarily extends to
monitoring, and there is certainly a *lot* of information that
may be gleaned by an attacker from monitoring power consumption,
as well as manipulation of the grid by an attacker inserting
bogus monitoring messages.

There does not appear to have been any work done within the
group on developing a threat model for energy monitoring, which
strikes me as problematic.  However, even in the absence of an
interest in developing one, a quick summary of the sorts of
attacks that must be considered in the development and deployment
of energy monitoring mechanisms strikes me as far, far, far
more useful than a one-sentence rundown of generic security mechanisms
provided by SNMPv3.

Minor comments:

1) This is more by way of guidance, but it should be noted that
   while the information model may be portable to YANG, netconf,
   and others, the security models and technologies used to secure
   those protocols may be (and are) different, and security
   properties need to be given serious consideration before
   moving the information model to another conveyance.

2) the I-D nit checker found a number of problems in the references,
   as well as a few other problems.

Trivial nits:

1) In section 1.2, the document name/reference should be separated
   from the document description by a colon and space

2) In that same section there's a stray period at the very bottom of
   page 4

3) Section 2, first paragraph:  "This section a presents energy
   management scenarios [ ... ]".  That 'a' (third word) needs to be

4) For some reason the section header for section 2.8 does not appear
   bolded, while those for other subsections do.