
Last Call Review of draft-ietf-ipfix-psamp-mib-
review-ietf-ipfix-psamp-mib-secdir-lc-kumari-2011-06-17-00

Request Review of draft-ietf-ipfix-psamp-mib
Requested revision No specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-06-15
Requested 2011-06-01
Authors Thomas Dietz, Benoît Claise, Juergen Quittek
I-D last updated 2011-06-17
Completed reviews Secdir Last Call review of -?? by Warren "Ace" Kumari
Assignment Reviewer Warren "Ace" Kumari
State Completed
Request Last Call review on draft-ietf-ipfix-psamp-mib by Security Area Directorate Assigned
Completed 2011-06-17
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes an extension to the IPFIX MIB module to support PSAMP
(sampled) implementations.

The Security Considerations section is present and well written. There are no
R/W objects and so the primary concern is disclosure of device / configuration
information. The draft provides good suggestions to limit this (e.g. IPsec,
SNMPv3) -- these same concerns (and mitigations) exist for other MIBs. While
the information in this MIB *could* be valuable to an attacker (to allow him
to try to avoid having *his* packets sampled) I think that other MIBs would be a much
larger target.

I did not check the MIB itself for syntax, lint, etc.

W