Last Call Review of draft-ietf-lisp-mib-08
review-ietf-lisp-mib-08-secdir-lc-kumari-2013-06-27-00
| Request | Review of | draft-ietf-lisp-mib |
|---|---|---|
| Requested revision | No specific revision (document currently at 13) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2013-07-09 | |
| Requested | 2013-01-10 | |
| Authors | Gregg Schudel , Amit Jain , Victor Moreno | |
| I-D last updated | 2013-06-27 | |
| Completed reviews |
Genart Last Call review of -08
by Miguel Angel García
(diff)
Genart Telechat review of -11 by Suresh Krishnan (diff) Secdir Last Call review of -08 by Warren "Ace" Kumari (diff) |
|
| Assignment | Reviewer | Warren "Ace" Kumari |
| State | Completed | |
| Request | Last Call review on draft-ietf-lisp-mib by Security Area Directorate Assigned | |
| Reviewed revision | 08 (document currently at 13) | |
| Result | Has nits | |
| Completed | 2013-06-27 |
review-ietf-lisp-mib-08-secdir-lc-kumari-2013-06-27-00
Be ye not afraid…. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft defines a MIB for monitoring LISP devices. This set off the standard "Nooooo… SNMP Write… Noooo…." alarm bells, but then I skipped down to the Security Considerations section and saw that authors had anticipated my shrieks of despair and that the draft says that there are no read-write / read-create objects. The Security Considerations section seems well written and complete. It makes a suggestion that SNMPv3, with crypto goodness, be used to access this MIB. It also claims that there is no exposed objects in the MIB that are considered sensitive. I don't LISP, and so don't know what all might be considered sensitive, but from reading most of the descriptions, and applying some common-sense the claim seems reasonable. ----------- Two questions / nits: 1: The DESCRIPTION for 'lispMIBTuningParametersGroup' says: "A collection of writeable objects used to…" but these seem Read-only. It is possible I misunderstand the description. 2: The Security Considerations section points out that SNMP prior to V3 doesn't have adequate security, and that there is no control who can GET/**SET** things (emphasis mine). I suspect that this was lifted verbatim from e.g http://tools.ietf.org/html/rfc5834 . As there is no set / write in this MIB I think that removing the mention of setting things would be clearer. s/to access and GET/SET (read/change/create/delete) the objects/to access the objects/ Apologies for how late this review is. I was filtering the SecDir assignments into an incorrect folder and so missed it completely. W -- Some people are like Slinkies......Not really good for anything but they still bring a smile to your face when you push them down the stairs.