Definitions of Managed Objects for Network Address Translators (NATs)
draft-perrault-behave-natv2-mib-05

[Ballot comment]
In the Security Considerations section, you have the following 2 tables called out for the possibility of revealing host information (both a security and possible privacy concern):
      *  entries in the natv2AddressMapTable;
      *  entries in the natv2PortMapTable.

Why are the 3.3.3 subscriber table and the 3.3.4 Individual NAT instances included in this list?

The text should also mention that there could be privacy concerns as well if this information were accessible.  The protections already included cover both security and privacy already.

Thank you for addressing the SecDir review:
http://www.ietf.org/mail-archive/web/secdir/current/msg05651.html

[Ballot comment]
No objection to the publication of this document, but the Security Considerations boilerplate at http://trac.tools.ietf.org/area/ops/trac/wiki/mib-security has been changed a few months ago. Please update it before publication.

There is a compilation warning related to InetAddress and InetAdressType
The MIB doctors have been engaged, and the authors copied. Email subject = InetAddress and InetAdressType (draft-perrault-behave-natv2-mib-04 compilation).
Let's follow the MIB doctors advice on this one.

1. Summary

  The responsible Area Director is Spencer Dawkins, who is also
  acting as document shepherd.

  This memo defines a portion of the Management Information Base (MIB)
  for devices implementing the Network Address Translator (NAT)
  function.  The new MIB module defined in this document, NATV2-MIB, is
  intended to replace module NAT-MIB (RFC 4008).  NATV2-MIB is not
  backwards compatible with NAT-MIB, for reasons given in the text of
  this document.  A companion document deprecates all objects in NAT-
  MIB.  NATV2-MIB can be used for monitoring of NAT instances on a
  device capable of NAT function.  Compliance levels are defined for
  three application scenarios: basic NAT, pooled NAT, and carrier-grade
  NAT (CGN).

2. Review and Consensus

  For much of its life, this work existed as draft-ietf-behave-nat-mib in
  the BEHAVE working group. It became an AD-sponsored draft when BEHAVE
  was concluded. As a working group draft, it was not controversial,
  and much of the focus of discussion was between the authors of this
  draft, an IPFIX NAT management document, and a SYSLOG NAT management
  document, working to make sure each NAT management tool provided
  equivalent functionality, to the extent possible.
 
  The biggest decisions were whether to modify the v1 NAT MIB, or to
  replace it (they replaced it), and whether to replace the v1 NAT MIB
  and define the v2 NAT MIB in the same document, or in two documents
  (they chose two documents, at Dave Harrington's suggestion).
 
  While the work was still draft-ietf-behave-nat-mib, Dave Thaler did
  a detailed chair review and provided comments, most of which were
  minor ("no RFC 2119 boilerplate, and it's needed", etc.)
 
  David Harrington also provided a detailed review from a MIB-doctor
  perspective for draft-ietf-behave-nat-mib, and continued to work
  closely with the authors after the work became
  draft-perrault-behave-natv2-mib to help them resolve issues he raised.

3. Intellectual Property

  Each author has confirmed conformance with BCP 78/79. There are no IPR
  disclosures on the document.

4. Other Points

  This draft is tied to draft-perrault-behave-deprecate-nat-mib-v1.
  This draft defines nat-mib-v2, and the other deprecates nat-mib-v1.

Notification list changed to tina.tsou.zouting@huawei.com, draft-perrault-behave-natv2-mib@ietf.org, sperreault@jive.com, ssenthil@cisco.com, tom.taylor.stds@gmail.com, draft-perrault-behave-natv2-mib.ad@ietf.org, "Spencer Dawkins" <spencerdawkins.ietf@gmail.com> from tina.tsou.zouting@huawei.com, draft-perrault-behave-natv2-mib@ietf.org, sperreault@jive.com, ssenthil@cisco.com, tom.taylor.stds@gmail.com, draft-perrault-behave-natv2-mib.ad@ietf.org

IESG/Authors:

IANA has reviewed draft-perrault-behave-natv2-mib-03.  Authors should review the comments and/or questions below.  Please report any inaccuracies and respond to any questions as soon as possible.

We received the following comments/questions from the IANA's reviewer:

IANA understands that, upon approval of this document, there is a single action which IANA must complete.

In the SMI Network Management MGMT Codes Internet-standard MIBsubregistry
of the Network Management Parameters registry located at:

http://www.iana.org/assignments/smi-numbers

a new MIB will be registered as follows:

Decimal: [ TBD by IANA at time of registration ]
Name: natv2MIB
Description: NATV2-MIB
References: [ RFC-to-be ]

IANA understands this to be the only action required of IANA upon
approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Definitions of Managed Objects for Network Address Translators (NAT)) to Proposed Standard


The IESG has received a request from an individual submitter to consider
the following document:
- 'Definitions of Managed Objects for Network Address Translators (NAT)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-04-29. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This memo defines a portion of the Management Information Base (MIB)
  for devices implementing the Network Address Translator (NAT)
  function.  The new MIB module defined in this document, NATV2-MIB, is
  intended to replace module NAT-MIB (RFC 4008).  NATV2-MIB is not
  backwards compatible with NAT-MIB, for reasons given in the text of
  this document.  A companion document deprecates all objects in NAT-
  MIB.  NATV2-MIB can be used for monitoring of NAT instances on a
  device capable of NAT function.  Compliance levels are defined for
  three application scenarios: basic NAT, pooled NAT, and carrier-grade
  NAT (CGN).




The file can be obtained via
http://datatracker.ietf.org/doc/draft-perrault-behave-natv2-mib/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-perrault-behave-natv2-mib/ballot/


No IPR declarations have been submitted directly on this I-D.

Notification list changed to tina.tsou.zouting@huawei.com, draft-perrault-behave-natv2-mib@ietf.org, sperreault@jive.com, ssenthil@cisco.com, tom.taylor.stds@gmail.com, draft-perrault-behave-natv2-mib.ad@ietf.org from tina.tsou.zouting@huawei.com, draft-perrault-behave-natv2-mib@ietf.org, draft-perrault-behave-natv2-mib.shepherd@ietf.org, sperreault@jive.com, ssenthil@cisco.com, tom.taylor.stds@gmail.com, draft-perrault-behave-natv2-mib.ad@ietf.org