Security Considerations for writeable objects (was: RE: Pls review documents on IESG Agenda for December 1, 2005)
- To: "C. M. Heard" <heard@pobox.com>, "Mreview \(E-mail\)" <mreview@ops.ietf.org>
- Subject: Security Considerations for writeable objects (was: RE: Pls review documents on IESG Agenda for December 1, 2005)
- From: "Romascanu, Dan \(Dan\)" <dromasca@avaya.com>
- Date: Sun, 27 Nov 2005 11:35:05 +0200
> -----Original Message-----
> From: owner-mreview@ops.ietf.org
> [mailto:owner-mreview@ops.ietf.org] On Behalf Of C. M. Heard
> > o draft-ietf-isis-wg-mib-24.txt
> > Management Information Base for IS-IS (Proposed
> Standard) - 20 of 22
> > Token: Alex Zinin
>
> I did the MIB Doctor review for this doc and I am satisfied
> with it. I see some comments from a GenArt in the tracker.
> I agree with those on Section 2 and disagree with those on
> Section 7. The reason I disagree is that complying with the
> comment would require listing all writeable objects in the
> MIB module, and it should be sufficient to say "all writeable
> attributes have the potential to disrupt network operations
> if improperly modified" as the doc now does.
>
I am a little surprised by this comment from Mike, and I think that I
would disagree.
We are explicitly telling MIB writers at
http://www.ops.ietf.org/mib-security.html:
-- if you have any read-write and/or read-create objects, please
-- describe their specific sensitivity or vulnerability.
-- RFC 2669 has a very good example.
I am opposed to replacing this with another blanket generic text. Different
objects bear different threats in disrupting network operations if
improperly modified, and I believe that it is important for the MIB
documents to specifically and explicitly list those.
Regards,
Dan