I think that what Jürgen intended was that the paragraph following the one with the trailing colon is supposed to replace the list from the boilerplate (Jürgen, correct me if I am wrong). It's not a list of concrete objects and tables, but a general description of which objects may be considered sensitive. My suggestion would be to either rephrase the last sentence of the first paragraph to make that clearer (and thereby to deviate from the boilerplate) or to change the second paragraph into an actual list of objects. Does that make sense?
Regards Ulrich On Tue, Aug 12, 2014 at 3:15 PM, Martin Thomson <[email protected]> wrote: > I was more concerned about the potential absence of content implied by the > trailing colon. I'm sure that you have it in hand. > > On Aug 12, 2014 1:04 AM, "Juergen Schoenwaelder" > <[email protected]> wrote: >> >> Martin, >> >> thanks for the review. The first paragraph in the security >> considerations is following the security boilerplate for MIB modules >> that is posted here: >> >> http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security >> >> It seems I am actually missing this introductory paragraph: >> >> There are no management objects defined in this MIB module that have >> a MAX-ACCESS clause of read-write and/or read-create. So, if this >> MIB module is implemented correctly, then there is no risk that an >> intruder can alter or create any management objects of this MIB >> module via direct SNMP SET operations. >> >> In general, I prefer to not change the boilerplate. Suggestions for >> boilerplate changes should be sent to the responsible AD (Benoit >> Claise) I think. >> >> /js >> >> On Mon, Aug 11, 2014 at 03:41:36PM -0700, Martin Thomson wrote: >> > I am the assigned Gen-ART reviewer for this draft. For background on >> > Gen-ART, please see the FAQ at >> > >> > <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. >> > >> > Please resolve these comments along with any other Last Call comments >> > you may receive. >> > >> > Document:draft-ietf-6lo-lowpan-mib-03 >> > Reviewer: Martin Thomson >> > Review Date: 2014-08-11 >> > IETF LC End Date: 2014-06-22 >> > IESG Telechat date: (if known) >> > >> > Summary: Ready. >> > >> > Nits/editorial comments: >> > >> > Looks like the first paragraph of the Security Considerations was left >> > hanging. I looked and this sentence is a little confusing, since all >> > the MAX-ACCESS attributes are the same. >> > >> > I'm not sure that this is something that would concern me either. >> > Sure, SNMP provides an attacker a great feedback loop if they want to >> > learn what is going on, but that is something you trade off against >> > things like being able to do things like maintenance and all that >> > necessary stuff. >> >> -- >> Juergen Schoenwaelder Jacobs University Bremen gGmbH >> Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany >> Fax: +49 421 200 3103 <http://www.jacobs-university.de/> _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
