Last Call Review of draft-ietf-ipfix-information-model-rfc5102bis-09
review-ietf-ipfix-information-model-rfc5102bis-09-secdir-lc-laurie-2013-01-17-00

Request Review of draft-ietf-ipfix-information-model-rfc5102bis
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-01-23
Requested 2013-01-10
Authors BenoƮt Claise, Brian Trammell
Draft last updated 2013-01-17
Completed reviews Genart Last Call review of -09 by Wassim Haddad (diff)
Secdir Last Call review of -09 by Ben Laurie (diff)
Assignment Reviewer Ben Laurie
State Completed
Review review-ietf-ipfix-information-model-rfc5102bis-09-secdir-lc-laurie-2013-01-17
Reviewed rev. 09 (document currently at 10)
Review result Has Nits
Review completed: 2013-01-17

Review
review-ietf-ipfix-information-model-rfc5102bis-09-secdir-lc-laurie-2013-01-17

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: this document is part of a series of documents describing the
protocol, and only deals with data elements. As such, most security
considerations are dealt with elsewhere. However, I note that whilst a
good deal of attention is paid to integrity and authentication of the
data in those other documents, as far as I can see nothing is said
about authentication of the requester, nor about access control. Given
that flow information is potentially quite sensitive, this is
surprising. The document itself seems OK, with nits.

Nits:

"3.1.14. string

   The type "string" represents a finite-length string of valid
   characters from the Unicode character encoding set
   [ISO.10646-1.1993].  Unicode allows for ASCII [ISO.646.1991] and many
   other international character sets to be used."

RFC 5610 says this is encoded using UTF-8. UTF-8 can have security
issues, e.g. sending a string with an incomplete UTF-8 encoded
character, which then swallows part of a following string, or causes
errors in parsers. Although this document may not be the right place
for it, it is unfortunate this potential problem is not mentioned.