Last Call Review of draft-ietf-ipfix-information-model-rfc5102bis-09
review-ietf-ipfix-information-model-rfc5102bis-09-secdir-lc-laurie-2013-01-17-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: this document is part of a series of documents describing the
protocol, and only deals with data elements. As such, most security
considerations are dealt with elsewhere. However, I note that whilst a
good deal of attention is paid to integrity and authentication of the
data in those other documents, as far as I can see nothing is said
about authentication of the requester, nor about access control. Given
that flow information is potentially quite sensitive, this is
surprising. The document itself seems OK, with nits.

Nits:

"3.1.14. string

   The type "string" represents a finite-length string of valid
   characters from the Unicode character encoding set
   [ISO.10646-1.1993].  Unicode allows for ASCII [ISO.646.1991] and many
   other international character sets to be used."

RFC 5610 says this is encoded using UTF-8. UTF-8 can have security
issues, e.g. sending a string with an incomplete UTF-8 encoded
character, which then swallows part of a following string, or causes
errors in parsers. Although this document may not be the right place
for it, it is unfortunate this potential problem is not mentioned.