Re: [MIB-DOCTORS] Updates to the Guidelines of theSecurityConsiderations section of the MIB documents
"Romascanu, Dan (Dan)" <dromasca@avaya.com> Wed, 09 November 2011 13:21 UTC
Return-Path: <dromasca@avaya.com>
X-Original-To: mib-doctors@ietfa.amsl.com
Delivered-To: mib-doctors@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A798721F8AD1 for <mib-doctors@ietfa.amsl.com>; Wed, 9 Nov 2011 05:21:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.359
X-Spam-Level:
X-Spam-Status: No, score=-103.359 tagged_above=-999 required=5 tests=[AWL=0.240, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BkpXf1D27bst for <mib-doctors@ietfa.amsl.com>; Wed, 9 Nov 2011 05:21:41 -0800 (PST)
Received: from co300216-co-outbound.net.avaya.com (co300216-co-outbound.net.avaya.com [198.152.13.100]) by ietfa.amsl.com (Postfix) with ESMTP id E06DE21F8AA8 for <mib-doctors@ietf.org>; Wed, 9 Nov 2011 05:21:40 -0800 (PST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AooDAOh9uk6HCzI1/2dsb2JhbABCmieKBIRLgSeBBYFyAQEBAQMBAQEPHgo0FwQCAQgNAwEEAQEBCgYMBwQBBgEmHwkIAQEEARIIGodonBWcLgSCVoZGYwSZeYwf
X-IronPort-AV: E=Sophos;i="4.69,484,1315195200"; d="scan'208";a="313616679"
Received: from unknown (HELO p-us1-erheast.us1.avaya.com) ([135.11.50.53]) by co300216-co-outbound.net.avaya.com with ESMTP; 09 Nov 2011 08:21:39 -0500
Received: from unknown (HELO 307622ANEX5.global.avaya.com) ([135.64.140.14]) by p-us1-erheast-out.us1.avaya.com with ESMTP; 09 Nov 2011 08:10:37 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 09 Nov 2011 14:21:37 +0100
Message-ID: <EDC652A26FB23C4EB6384A4584434A0404E02C22@307622ANEX5.global.avaya.com>
In-Reply-To: <4EB9A16A.3050503@ieca.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
thread-topic: [MIB-DOCTORS] Updates to the Guidelines of theSecurityConsiderations section of the MIB documents
thread-index: AcyeX4gHNccuM5j+Tj6jM7aToSMhiAAfuXEA
References: <4E8CA1F8.5040807@ieca.com> <20111005201335.GA48603@elstar.local><4E8CCCB5.9090501@ieca.com><EDC652A26FB23C4EB6384A4584434A0403BE90B0@307622ANEX5.global.avaya.com><4E8D7F85.6070106@ieca.com><EDC652A26FB23C4EB6384A4584434A04048EE355@307622ANEX5.global.avaya.com><002401cc9d7d$d97ca840$6b01a8c0@oemcomputer><EDC652A26FB23C4EB6384A4584434A0404E0274D@307622ANEX5.global.avaya.com><20111108102357.GA2559@elstar.local><001701cc9e35$bc4203c0$6b01a8c0@oemcomputer> <4EB9A16A.3050503@ieca.com>
From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
To: Sean Turner <turners@ieca.com>, mib-doctors@ietf.org
Subject: Re: [MIB-DOCTORS] Updates to the Guidelines of theSecurityConsiderations section of the MIB documents
X-BeenThere: mib-doctors@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: MIB Doctors list <mib-doctors.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mib-doctors>
List-Post: <mailto:mib-doctors@ietf.org>
List-Help: <mailto:mib-doctors-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mib-doctors>, <mailto:mib-doctors-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 13:21:41 -0000
I think that we can declare consensus on the proposed change. We also need to add the following Informative References: [RFC3414] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 3414, December 2002. [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model", RFC 3826, June 2004. [RFC5591] Harrington, D., and W. Hardaker, "Transport Security Model for the Simple Network Management Protocol (SNMP)", June 2009. [RFC5592] Harrington, D., Saloway, J., and W. Hardaker, "Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)", June 2009. [RFC6353] W. Hardaker, "Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)", July 2011. Dan ------------------------------------------------------------------------ -------- > -----Original Message----- > From: mib-doctors-bounces@ietf.org [mailto:mib-doctors- > bounces@ietf.org] On Behalf Of Sean Turner > Sent: Tuesday, November 08, 2011 11:39 PM > To: mib-doctors@ietf.org > Subject: Re: [MIB-DOCTORS] Updates to the Guidelines of > theSecurityConsiderations section of the MIB documents > > On 11/8/11 11:44 AM, Randy Presuhn wrote: > > Hi - > > > >> From: "Juergen Schoenwaelder"<j.schoenwaelder@jacobs-university.de> > >> To: "Romascanu, Dan (Dan)"<dromasca@avaya.com> > >> Cc: "Randy Presuhn"<randy_presuhn@mindspring.com>;<mib- > doctors@ietf.org> > >> Sent: Tuesday, November 08, 2011 2:23 AM > >> Subject: Re: [MIB-DOCTORS] Updates to the Guidelines of > theSecurityConsiderations section of the MIB documents > > ... > >> Do we also remove the 'even then,' from the previous paragraph? Can > we > >> also drop some of the 'at a minimum' phrases from the text suggested > >> by Randy? And why do we refer to section 8 of RFC 3410, which talks > >> about standardization status and movement of SNMPv1 to historic? So > >> summing up, I have: > >> > >> OLD > >> > >> SNMP versions prior to SNMPv3 did not include adequate security. > >> Even if the network itself is secure (for example by using > IPsec), > >> even then, there is no control as to who on the secure network > is > >> allowed to access and GET/SET (read/change/create/delete) the > objects > >> in this MIB module. > >> > >> It is RECOMMENDED that implementers consider the security > features as > >> provided by the SNMPv3 framework (see [RFC3410], section 8), > >> including full support for the SNMPv3 cryptographic mechanisms > (for > >> authentication and privacy). > >> > >> NEW > >> > >> SNMP versions prior to SNMPv3 did not include adequate security. > >> Even if the network itself is secure (for example by using > IPsec), > >> there is no control as to who on the secure network is > >> allowed to access and GET/SET (read/change/create/delete) the > objects > >> in this MIB module. > >> > >> Implementations MUST provide the security features described by > the > >> SNMPv3 framework (see [RFC3410]), including full support for > >> authentication and privacy via the User-based Security Model > (USM) > >> [RFC3414] with the AES cipher algorithm [RFC3826]. > Implementations > >> MAY also provide support for the Transport Security Model (TSM) > >> [RFC5591] in combination with a secure transport such as SSH > >> [RFC5592] or TLS/DTLS [RFC6353]. > >> > >> (I am not sure "described by" is the best wording but I happily > leave > >> it to native speakers to figure this out.) > > > > Juergen's proposed text looks good to me. (Definitely better than > what > > I sent out.) > > +1 > > spt > _______________________________________________ > MIB-DOCTORS mailing list > MIB-DOCTORS@ietf.org > https://www.ietf.org/mailman/listinfo/mib-doctors
- [MIB-DOCTORS] Updates to the Guidelines of the Se… Sean Turner
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Randy Presuhn
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Juergen Schoenwaelder
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Sean Turner
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Sean Turner
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Bert Wijnen (IETF)
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Bert Wijnen (IETF)
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Randy Presuhn
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Romascanu, Dan (Dan)
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Juergen Schoenwaelder
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Bert Wijnen (IETF)
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Randy Presuhn
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Sean Turner
- Re: [MIB-DOCTORS] Updates to the Guidelines of th… Romascanu, Dan (Dan)