Last Call Review of draft-ietf-l2vpn-vpls-mib-14

Request Review of draft-ietf-l2vpn-vpls-mib
Requested rev. no specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-02-14
Requested 2014-02-06
Authors Thomas Nadeau, Kiran Koushik, Rohit Mediratta
Draft last updated 2014-02-19
Completed reviews Genart Last Call review of -14 by Meral Shirazipour (diff)
Genart Telechat review of -14 by Meral Shirazipour (diff)
Secdir Last Call review of -14 by Alexey Melnikov (diff)
Opsdir Last Call review of -14 by Sarah Banks (diff)
Assignment Reviewer Alexey Melnikov
State Completed
Review review-ietf-l2vpn-vpls-mib-14-secdir-lc-melnikov-2014-02-19
Reviewed rev. 14 (document currently at 15)
Review result Has Nits
Review completed: 2014-02-19


I have reviewed this document as part of the security directorate's 

ongoing effort to review all IETF documents being processed by the IESG. 

These comments were written primarily for the benefit of the security 

area directors.  Document editors and working group chairs should treat 

these comments just like any other last call comments.

This document describes managed objects for configuring and/or 

monitoring Virtual Private LAN services, including LDP and BGP extensions.

The document says that information in 3 defined MIB modules is not 

sensitive and thus not really worth protecting from passive monitoring. 

I doubt a bit this claim, as it seems that observing  information from 

the MIB tables can help an attacker to mount other types of attacks on a 

particular VPLS.

It also looks like gaining write access can enable Denial-of-Service 

attack on the monitoring system itself and/or on the underlying 


I also agree with Benoit Claise's DISCUSS that the document should 

follow the recommended MIB-security template:

Other than that, I have no security concerns in regards to this document.