Last Call Review of draft-ietf-eman-rfc4133bis-05
review-ietf-eman-rfc4133bis-05-secdir-lc-roca-2013-02-21-00

Request Review of draft-ietf-eman-rfc4133bis
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-02-19
Requested 2013-01-17
Authors Andy Bierman, Dan Romascanu, Juergen Quittek, Mouli Chandramouli
Draft last updated 2013-02-21
Completed reviews Genart Last Call review of -05 by Brian Carpenter (diff)
Genart Telechat review of -06 by Brian Carpenter
Secdir Last Call review of -05 by Vincent Roca (diff)
Assignment Reviewer Vincent Roca
State Completed
Review review-ietf-eman-rfc4133bis-05-secdir-lc-roca-2013-02-21
Reviewed rev. 05 (document currently at 06)
Review result Ready
Review completed: 2013-02-21

Review
review-ietf-eman-rfc4133bis-05-secdir-lc-roca-2013-02-21

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

--

This document is an update of RFC4311. It therefore inherits, updates
and improves the security considerations section of that RFC.
This section seems well written and accurate. I just have a small comment.

I see there's a wide range of techniques to secure communication with MIBs.
This document specifies a Mandatory To Implement solution (USM with AES),
mentions a SHOULD  support solution (security features of RFC3410), as well
as a MAY support approach (TSM with SSH/TLS).That's a lot.
I imagine there are good reasons (I don't know the SNMP/MIB domain) to do
that...


Cheers,

   Vincent