Last Call Review of draft-ietf-capwap-802dot11-mib-
review-ietf-capwap-802dot11-mib-secdir-lc-dekok-2010-02-02-00

Request Review of draft-ietf-capwap-802dot11-mib
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-02-02
Requested 2009-12-03
Authors David Perkins, Chris Elliott, Yong Zhang, Yang Shi
Draft last updated 2010-02-02
Completed reviews Secdir Last Call review of -?? by Alan DeKok
Assignment Reviewer Alan DeKok 
State Completed
Review review-ietf-capwap-802dot11-mib-secdir-lc-dekok-2010-02-02
Review completed: 2010-02-02

Review
review-ietf-capwap-802dot11-mib-secdir-lc-dekok-2010-02-02

  I reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.

  This document provides a MIB for CAPWAP.

  Section 3 defines terminology, but appears to have a number of
statements about requirements.  While not security related, it would be
good to move requirement statements out of the terminology section.

  Section 5.1 contains suggestions for binding WLAN profiles to the
access controller (AC).  It also contains suggestions for how WLAN IDs
can be assigned.  These suggestions appear to be related to operation of
the AC, and not directly affecting the MIB.

  Section 7 is a little unclear, but there appears to be no security
issues there.

  Section 8 has some English issues:

   Suppose the WTP's base MAC address is '00:01:01:01:01:00'.  Creates a
   WTP profile for it ...

  It's not clear what the second sentence means.

  There are a few sentences like " The operator could query ...".  This
should perhaps be " The operator can query ..."

  The Security Considerations section seems to have adequate text about
SNMP security.

  The IANA considerations section needs a statement to update the MIB,
which contains a reference to "RFC xxx"

  Alan DeKok.