Re: [sidr] I-D Action: draft-ietf-sidr-rpki-rtr-protocol-mib-03.txt
Sean Turner <turners@ieca.com> Wed, 28 November 2012 15:51 UTC
The MIB doctors approved a change to MIB security considerations:

https://www.ietf.org/mail-archive/web/mib-doctors/current/msg01369.html

change here:

https://www.ietf.org/mail-archive/web/mib-doctors/current/msg01368.html

Need to make the following change in the security considerations:

OLD

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

NEW

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations MUST provide the security features described by the
   SNMPv3 framework (see [RFC3410]), including full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

and add some new informative references:

   [RFC3414] Blumenthal, U., and B. Wijnen, "User-based Security Model
             (USM) for version 3 of the Simple Network Management
             Protocol (SNMPv3)", RFC 3414, December 2002.

   [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The
             Advanced Encryption Standard (AES) Cipher Algorithm in the
             SNMP User-based Security Model", RFC 3826, June 2004.

   [RFC5591] Harrington, D., and W. Hardaker, "Transport Security Model
             for the Simple Network Management Protocol (SNMP)", June
             2009.

   [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure
             Shell Transport Model for the Simple Network Management
             Protocol (SNMP)", June 2009.

   [RFC6353] W. Hardaker, "Transport Layer Security (TLS) Transport
             Model for the Simple Network Management Protocol (SNMP)",
             July 2011.

spt
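Added example, not part of the message or the draft: a deployment-side check in the spirit of the NEW text, assuming the agent is Net-SNMP configured through snmpd.conf. It flags community-based (SNMPv1/v2c) access and USM users that lack AES privacy or are not held to authPriv; the sample configuration, user names and passphrases are constructed.

```python
import shlex

# Constructed sample snmpd.conf (Net-SNMP syntax); names and passphrases are made up.
SAMPLE_CONF = """\
rocommunity public 10.0.0.0/8
rwcommunity s3cret 10.0.0.5
createUser opsAes SHA "auth-pass-constructed" AES "priv-pass-constructed"
createUser opsDes MD5 "auth-pass-constructed" DES "priv-pass-constructed"
createUser opsNoPriv SHA "auth-pass-constructed"
rwuser opsAes priv
rwuser opsDes priv
rouser opsNoPriv auth
rouser ghost noauth
"""

# Directives that grant SNMPv1/v2c access by community string.
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6",
             "com2sec", "com2sec6"}

def audit(conf_text):
    """Return (line_number, message) findings for settings weaker than USM authPriv with AES."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # honours quotes and '#' comments
        if len(tok) < 2:
            continue
        key, args = tok[0], tok[1:]
        if key in COMMUNITY:
            findings.append((n, f"{key}: community-based SNMPv1/v2c access"))
        elif key == "createUser":
            if args[0] == "-e":  # optional "-e ENGINEID" prefix
                args = args[2:]
            if not args:
                continue
            # createUser USER AUTHPROTO AUTHPASS [PRIVPROTO [PRIVPASS]]
            priv = args[3].upper() if len(args) > 3 else None
            if priv is None:
                findings.append((n, f"user {args[0]}: no privacy protocol configured"))
            elif not priv.startswith("AES"):
                findings.append((n, f"user {args[0]}: privacy protocol {priv}, not AES"))
        elif key in ("rouser", "rwuser"):
            if args[0] == "-s":  # optional "-s SECMODEL" prefix
                args = args[2:]
            if not args:
                continue
            level = args[1] if len(args) > 1 else "auth"  # Net-SNMP default minimum level
            if level != "priv":
                findings.append((n, f"{key} {args[0]}: minimum level '{level}', authPriv not enforced"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE_CONF):
        print(f"line {n}: {msg}")
```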