Skip to main content

Exporting MIB Variables Using the IP Flow Information Export (IPFIX) Protocol
draft-ietf-ipfix-mib-variable-export-10

Yes

(Joel Jaeggli)

No Objection

(Alia Atlas)
(Alissa Cooper)
(Alvaro Retana)
(Barry Leiba)
(Brian Haberman)
(Deborah Brungard)
(Jari Arkko)
(Martin Stiemerling)
(Spencer Dawkins)
(Terry Manderson)

Recuse

(Benoît Claise)

Note: This ballot was opened for revision 09 and is now closed.

Joel Jaeggli Former IESG member
Yes
Yes (for -09) Unknown

                            
Alia Atlas Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Alissa Cooper Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Alvaro Retana Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Barry Leiba Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Ben Campbell Former IESG member
No Objection
No Objection (2015-11-18 for -09) Unknown
I notice the heading says "IPFIX Working Group" even though this is an individual submission. I am agnostic as to whether that is a problem, since I know this was in ipfix at one time.
Brian Haberman Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Deborah Brungard Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Jari Arkko Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Kathleen Moriarty Former IESG member
No Objection
No Objection (2015-11-18 for -09) Unknown
I agree with the SecDir reviewers comments 
https://mailarchive.ietf.org/arch/msg/secdir/Yeux55VEHEWOxCX5mV-qWfn7eBE
and am following that discussion to see updated text that includes a reference for "existing SNMP rules" in the security considerations section:

Current text: "However if the exporter is a client of an SNMP engine on the same
   device it MUST abide by existing SNMP security rules."

or the suggested text in a response to that review:
> >      However, if the exporter is implemented as an SNMP manager
> >      accessing an SNMP agent, it MUST authenticate itself to the SNMP
> >      agent and the SNMP agent MUST enforce SNMP access control rules
> >      as it would for any other SNMP manager.

But if the wording in the follow on email is used, is there a reference that can be added for the IPFIX exporter security options in b?

a) The exporter acts as an SNMP manager retrieving data from an SNMP
   agent. In this case, the usual SNMP procedures concerning
   authentication and authorization apply

b) The exporter is generating or capturing the field values itself.
   In this case the IPFIX approach applies that the IPFIX exporter
   defines what is exported to whom.
Martin Stiemerling Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Spencer Dawkins Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Stephen Farrell Former IESG member
(was Discuss) No Objection
No Objection (2015-11-23) Unknown
Thanks for the speedy discuss resolution
Terry Manderson Former IESG member
No Objection
No Objection (for -09) Unknown

                            
Benoît Claise Former IESG member
Recuse
Recuse (for -09) Unknown