[secdir] Secdir review of draft-ietf-capwap-802dot11-mib-06
Alan DeKok <aland@deployingradius.com> Tue, 02 February 2010 14:36 UTC

I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document provides a MIB for CAPWAP.

Section 3 defines terminology, but appears to have a number of statements about requirements. While not security related, it would be good to move requirement statements out of the terminology section.

Section 5.1 contains suggestions for binding WLAN profiles to the access controller (AC). It also contains suggestions for how WLAN IDs can be assigned. These suggestions appear to be related to operation of the AC, and not directly affecting the MIB.

Section 7 is a little unclear, but there appear to be no security issues there.

Section 8 has some English issues:

    Suppose the WTP's base MAC address is '00:01:01:01:01:00'. Creates a WTP profile for it ...

It's not clear what the second sentence means.

There are a few sentences like "The operator could query ...". This should perhaps be "The operator can query ..."

The Security Considerations section seems to have adequate text about SNMP security.

The IANA considerations section needs a statement to update the MIB, which contains a reference to "RFC xxx".

Alan DeKok.