Re: [TICTOC] Alissa Cooper's No Objection on draft-ietf-tictoc-ptp-mib-08: (with COMMENT)
Alissa Cooper <alissa@cooperw.in> Wed, 20 April 2016 22:57 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: tictoc@ietfa.amsl.com
Delivered-To: tictoc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1C7012E7AA for <tictoc@ietfa.amsl.com>; Wed, 20 Apr 2016 15:57:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cooperw.in header.b=nqjmWaaI; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=ILLCxXuQ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NdeYDuhpgycs for <tictoc@ietfa.amsl.com>; Wed, 20 Apr 2016 15:57:27 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93AF412E796 for <tictoc@ietf.org>; Wed, 20 Apr 2016 15:57:27 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 292D021004 for <tictoc@ietf.org>; Wed, 20 Apr 2016 18:50:47 -0400 (EDT)
Received: from frontend2 ([10.202.2.161]) by compute1.internal (MEProxy); Wed, 20 Apr 2016 18:50:47 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=d1X/I n376IZz3wXAQRpXTIfRymY=; b=nqjmWaaIjatcWMtf+OXCb1G1FD4h8Sv5KLUY9 Itsd1LeguakQVZUKJJ/HJLHfROyaZCarTRbgJdkzPxdBOlToaG2xL1PXDvbdfajc u3pipVWKltiaKjvvIR/SP/S+x7Ub3TR3pKvvVXq8CrnESspt6m7odXkpicUZBazj 8q+t5w=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=d1X/In376IZz3wXAQRpXTIfRymY=; b=ILLCx XuQqQR0xjdzaeK2nN2N6CLGYQQcVKB9iriZmwNhm9CG/VYtFFBlCkwPjmqkmmYua gsjAHYfSZmX0RKnDRI/2rTi9I0meclie8JukwH+AednPlwwovQHwrRSQ2dh4Kj3o SjA54tjoM6U0uO24iF8kDjj0lylJl5gxlSarK0=
X-Sasl-enc: 3aPOUST7iULI28PgGGakMCCEIL2LAc+//FfC9CKID6+D 1461192646
Received: from dhcp-171-68-20-83.cisco.com (dhcp-171-68-20-83.cisco.com [171.68.20.83]) by mail.messagingengine.com (Postfix) with ESMTPA id 52B336801D1; Wed, 20 Apr 2016 18:50:46 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_6CADB2B8-72C0-4B72-BE56-753D908ECB8A"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <60449605-8547-4b73-e3aa-0c17c2c0a25e@bogus.com>
Date: Wed, 20 Apr 2016 15:50:46 -0700
Message-Id: <0A8B7D71-8F40-420F-81B0-C1E109DD2D55@cooperw.in>
References: <20160419171216.31521.25135.idtracker@ietfa.amsl.com> <60449605-8547-4b73-e3aa-0c17c2c0a25e@bogus.com>
To: joel jaeggli <joelja@bogus.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tictoc/rzxFv6L7fgUZZsnS8E_7FdAxEfk>
Cc: draft-ietf-tictoc-ptp-mib@ietf.org, tictoc-chairs@ietf.org, kodonog@pobox.com, IESG <iesg@ietf.org>, tictoc@ietf.org
Subject: Re: [TICTOC] Alissa Cooper's No Objection on draft-ietf-tictoc-ptp-mib-08: (with COMMENT)
X-BeenThere: tictoc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Timing over IP Connection and Transfer of Clock BOF <tictoc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tictoc>, <mailto:tictoc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tictoc/>
List-Post: <mailto:tictoc@ietf.org>
List-Help: <mailto:tictoc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tictoc>, <mailto:tictoc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 22:57:29 -0000
> On Apr 19, 2016, at 1:23 PM, joel jaeggli <joelja@bogus.com> wrote: > > On 4/19/16 10:12 AM, Alissa Cooper wrote: >> Alissa Cooper has entered the following ballot position for >> draft-ietf-tictoc-ptp-mib-08: No Objection >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-tictoc-ptp-mib/ >> >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> (1) The ClockIdentity is described as being generated based on an EUI-64 >> address as described in IEEE 1588-2008 Section 7.5.2.2.2. But in IEEE >> 1588-2008, there are two different ways the clock identifier can be >> generated, the other being a non-EUI-64 address defined in 7.5.2.2.3. Why >> is that option left out of the ClockIdentity description? >> >> In general I was dismayed to see the re-use of EUI-64 for clock identity >> for the security and privacy drawbacks, since it's not particularly clear >> that re-using those identifiers is necessary here. But if such a fix is >> warranted this MIB is not the place to do it in any event. > > I don't see a whole lot wrong with using a mac address as an identifier > in a management system. 1588 speakers are frequently adjecent to each > other and almost always within the same management domain, Are you saying you don’t see a problem with not reflecting the mechanisms from 7.5.2.2.3 here? Or just generally that you don’t see a problem with using a MAC address as an identifier in this case? Alissa > >> (2) Looking at >> https://trac.tools.ietf.org/area/ops/trac/wiki/mib-security I recall that >> other MIB documents we've reviewed recently have listed out the specific >> tables/objects that may be considered vulnerable or sensitive, even if >> those objects are read-only. Why doesn't this document do that? I would >> think all of the clock identity objects would belong in that bucket at a >> minimum.
- [TICTOC] Alissa Cooper's No Objection on draft-ie… Alissa Cooper
- Re: [TICTOC] Alissa Cooper's No Objection on draf… Stephen Farrell
- Re: [TICTOC] Alissa Cooper's No Objection on draf… joel jaeggli
- Re: [TICTOC] Alissa Cooper's No Objection on draf… Alissa Cooper
- Re: [TICTOC] Alissa Cooper's No Objection on draf… joel jaeggli
- Re: [TICTOC] Alissa Cooper's No Objection on draf… Rodney Cummings
- Re: [TICTOC] Alissa Cooper's No Objection on draf… Tim Frost