Kathleen Moriarty has entered the following ballot position for draft-ietf-opsawg-coman-probstate-reqs-04: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: http://datatracker.ietf.org/doc/draft-ietf-opsawg-coman-probstate-reqs/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I have not had time to read the full draft, but do see a gap in the security requirements that I'd like to see if we can address. The section on access controls for management systems and devices reads as follows:

   Req-ID: 6.003

   Title: Access control on management system and devices

   Description: Systems acting in a management role must provide an access control mechanism that allows the security administrator to restrict which devices can access the managing system (e.g., using an access control white list of known devices). On the other hand managed constrained devices must provide an access control mechanism that allows the security administrator to restrict how systems in a management role can access the device (e.g., no-access, read-only access, and read-write access).

   Source: Basic security requirement for use cases where access control is essential.

The way I read this, there is no statement about general access protections to the device outside of what is designated by a security administrator. I would think a statement on access controls on the device would be very important in consideration of safety concerns that put a strong need for security on such devices (medical, environmental monitors, etc.).

Are there additional access mechanisms to the device besides what is possible by the management connection? Could there be factory defaults in place with local access work-arounds or even wireless in the event that there are issues accessing devices from management stations? Do these cause security problems? Are there ports other than those for management open that could lead to security breaches? Or are these out-of-scope because the discussion is about management connections?

If it's out-of-scope, it would be good to state that it is even though that would be a concern. Text on this should be added to the security considerations section as a general discussion if it's a concern, but not in scope, similar to what was done for privacy.