Protocol Action: SNMPv3 to Draft
The IESG <iesg-secretary@ietf.org> Mon, 08 March 1999 17:35 UTC
Received: by ietf.org (8.9.1a/8.9.1a) id MAA04158 for ietf-123-outbound.10@ietf.org; Mon, 8 Mar 1999 12:35:02 -0500 (EST)
Received: from CNRI.Reston.VA.US (localhost [127.0.0.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA03610; Mon, 8 Mar 1999 12:19:44 -0500 (EST)
Message-Id: <199903081719.MAA03610@ietf.org>
To: IETF-Announce:;
Cc: RFC Editor <rfc-editor@isi.edu>
Cc: Internet Architecture Board <iab@isi.edu>
Cc: snmpv3@portal.gw.tislabs.com
From: The IESG <iesg-secretary@ietf.org>
Subject: Protocol Action: SNMPv3 to Draft
Date: Mon, 08 Mar 1999 12:19:44 -0500
Sender: scoya@ns.cnri.reston.va.us
The IESG has approved publication of the following Internet-Drafts as Draft Standards:

 o An Architecture for Describing SNMP Management Frameworks
   <draft-ietf-snmpv3-arch-05.txt>, replacing RFC2271
 o Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
   <draft-ietf-snmpv3-mpc-05.txt>, replacing RFC2272
 o SNMPv3 Applications
   <draft-ietf-snmpv3-appl-v2-03.txt>, replacing RFC2273
 o User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
   <draft-ietf-snmpv3-usm-v2-05.txt>, replacing RFC2274
 o View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
   <draft-ietf-snmpv3-vacm-04.txt>, replacing RFC2275

The IESG also approved publication of Introduction to Version 3 of the Internet Standard Network Management Framework <draft-ietf-snmpv3-intro-04.txt> as an Informational RFC.

These documents are the product of the SNMP Version 3 Working Group. The IESG contact persons are Bert Wijnen and Harald Alvestrand.

Technical Summary

The output of the SNMPv3 WG brings a number of enhancements to the Internet Standard for Network Management (STD xx) also known as SNMPv1:

 - Provides an architecture which defines a modular approach so that the SNMP protocol can evolve over time as needs for enhancements (e.g. new security algorithms) change.
 - Provides a Message Dispatching and Processing mechanism that allows for handling multiple versions of SNMP messages.
 - Provides a new SNMP version 3 Message format that provides for a secure exchange of SNMP messages between SNMP entities.
 - Provides a User-based Security Model which provides for authentication and privacy mechanisms. The model is based on the well known user-password (shared secret) paradigm. Authentication is provided using HMAC-MD5 or HMAC-SHA algorithms. Privacy is provided using DES in CBC mode.
 - Provides Access Control to management information using the View-based Access Control Model. This allows granting or denying access to groups of users.
 - Describes a set of SNMP application types that provide the traditional SNMP agent and manager functionality.
 - Provides a set of MIBs that allow remote configuration of the SNMPv3 parameters for security, access control, notification filtering, notification destinations, proxy configuration.

Working Group Summary

Since the SNMPv3 documents were published as Proposed Standards, quite a number of implementations have emerged. As a result, many questions came up that required clarifications to the document set. There were also a number of WG members who would like to see a different Access Control mechanism, specifically the way that users are grouped together. However, rough consensus was reached that the current Access Control is good enough to go forward. The architecture allows for new Access Control models to be added if such is needed.

During the WG last call period there were about 100 postings to the snmpv3 list. Of these, about 80 were related to the last call specifications and activities. There were no comments related to the intro document or the interoperability report. None of the last call related comments identified any major show stoppers with the specifications. The majority of the last call postings were related to clarification and usage interpretations.

About one third of the last call related messages were related to notification filtering. This was a fairly extensive discussion but there were no fundamental flaws identified in the discussion. Rough consensus was reached that:

 1) the wording of the current specifications permits more than one way to use these mechanisms
 2) having multiple ways to use these 'tools' may be a good thing
 3) this is not a reason to deny advancement.

We believe that there is WG rough consensus for advancement of the specifications.

Protocol Quality

The document set has been reviewed for the IESG by Harald Alvestrand and Bert Wijnen. There are currently more than 10 implementations of this protocol and the related MIBs. Interoperability tests have been carried out as well as live demonstrations at trade shows. See the implementation report at http://www.ietf.org/IESG/SNMPv3-implementation