Re: [secdir] SecDir review of draft-ietf-opsawg-syslog-msg-mib-04

"Romascanu, Dan (Dan)" <dromasca@avaya.com> Mon, 20 July 2009 15:39 UTC

Date: Mon, 20 Jul 2009 17:38:59 +0200
Message-ID: <EDC652A26FB23C4EB6384A4584434A0401892B23@307622ANEX5.global.avaya.com>
In-Reply-To: <Pine.WNT.4.64.0907200900100.6844@W-JNISBETTEST-1.tablus.com>
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: Magnus Nyström <magnus@rsa.com>, iesg@ietf.org, secdir@ietf.org, secdir-secretary@mit.edu, j.schoenwalder@jacobs-university.de, alex@cisco.com, akarmaka@cisco.com, sob@harvard.edu, ted.a.seely@sprint.com
Subject: Re: [secdir] SecDir review of draft-ietf-opsawg-syslog-msg-mib-04

Hi Magnus,

Thank you for the review. 

I will let the authors respond on the rest, but I have one comment about the following: 

> -----Original Message-----
> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On 
> Behalf Of Magnus Nyström

> 
> - (Editorial) In the Security Considerations section, there 
> is a paragraph
>    recommending against deployment of earlier versions of SNMP. For
>    clarity and correctness ("NOT RECOMMENDED" is not a key 
> word) I suggest
>    this paragraph is rewritten to (several changes in the below):


Actually RFC 2119 says: 

  4. SHOULD NOT   This phrase, or the phrase "NOT RECOMMENDED" mean that
   there may exist valid reasons in particular circumstances when the
   particular behavior is acceptable or even useful, but the full
   implications should be understood and the case carefully weighed
   before implementing any behavior described with this label.

NOT RECOMMENDED is thus accepted as a synonym for SHOULD NOT if the syntax of the phrase demands it.

The current boilerplate for Security Considerations sections described at http://www.ops.ietf.org/mib-security.html was carefully crafted by the Security ADs and OPS ADs a few years ago, and has been used since in all RFCs that define MIB modules. I would not recommend using a different wording, unless there is a good reason and the current ADs agree on the change.

Thanks and Regards,

Dan


> 
>     Further, SNMP versions prior to SNMPv3 SHOULD NOT be deployed.
>     Instead, SNMPv3 with enabled cryptographic security 
> SHOULD be deployed.
>     It is then a customer/operator responsibility to ensure 
> that the SNMP
>     entity giving access to an instance of this MIB module is properly
>     configured to give access to the objects only to those principals
>     (users) that indeed have legitimate rights to GET or SET
>     (change/create/delete) them.
> 
> -- Magnus
>