Last Call Review of draft-ietf-ipfix-psamp-mib-
review-ietf-ipfix-psamp-mib-secdir-lc-kumari-2011-06-17-00

Request Review of draft-ietf-ipfix-psamp-mib
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-06-15
Requested 2011-06-01
Review State Completed
Reviewer Warren Kumari
Review review-ietf-ipfix-psamp-mib-secdir-lc-kumari-2011-06-17
Posted at http://www.ietf.org/mail-archive/web/secdir/current/msg02713.html
Draft last updated 2011-06-17
Review completed: 2011-06-17

Review
review-ietf-ipfix-psamp-mib-secdir-lc-kumari-2011-06-17

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes an extension to the IPFIX MIB module to support PSAMP (sampled) implementations.

The Security Considerations section is present and well written. There are no R/W objects and so the primary concern is disclosure of device / configuration information. The draft provides good suggestions to limit this (e.g. IPsec, SNMPv3) -- these same concerns (and mitigations) exist for other MIBs. While the information in this MIB *could* be valuable to an attacker (to allow him to try to avoid having *his* packets sampled), I think that other MIBs would be a much larger target.

I did not check the MIB itself for syntax, lint, etc.

W